ng program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)=""/181, 0xb5}, {&(0x7f0000000140)=""/173, 0xad}, {&(0x7f0000000200)=""/70, 0x46}], 0x3, &(0x7f0000000400)=""/216, 0xd8}, 0x1) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0200000090780000"], 0x0)

[  477.621512][T14026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)=""/181, 0xb5}, {&(0x7f0000000140)=""/173, 0xad}, {&(0x7f0000000200)=""/70, 0x46}], 0x3, &(0x7f0000000400)=""/216, 0xd8}, 0x1) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0200000090780000"], 0x0)

01:35:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)

[  477.839097][ T3603] Bluetooth: hci1: command 0x040f tx timeout
01:35:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x3)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:35:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:35:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x3)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x3) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  478.053609][T14049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.115502][T14048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.125512][T14045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:49 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x3) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:35:49 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x2, 0x8}, 0x18)
sendto$inet(r1, &(0x7f0000000080)="fe98ac4b88336370e4171d2b41dc5ba3876b9c7e6f8016dad9be3b0eb35d30f7f1c68550f4aa726ce5ca00bf2d1baae5688eec1da9d4519e71ef73ed8096a703862bdbb7aa414d9365c93bb23c033c2160f12bf0e0e607f70698e8f06ee8b485c53b9da1941beeb706eddd7d49ae448f9b590d47f1390092bcc78a426e8390788fab4c42a9fabdae0e0391a1879b282af2ed2e4c8854b4db66002d9f61cbc6b5af7fa4ba90c0f12fba71d56952498a37a070b86d3687f4c87d32834cdb72c23f05371ef94da2126a7702daab04", 0xcd, 0x80, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
listen(r0, 0x0)
openat(r1, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x8)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800f4ff00000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0100000000000000"], 0x0)

01:35:49 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, 0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:35:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x2, 0x8}, 0x18)
sendto$inet(r1, &(0x7f0000000080)="fe98ac4b88336370e4171d2b41dc5ba3876b9c7e6f8016dad9be3b0eb35d30f7f1c68550f4aa726ce5ca00bf2d1baae5688eec1da9d4519e71ef73ed8096a703862bdbb7aa414d9365c93bb23c033c2160f12bf0e0e607f70698e8f06ee8b485c53b9da1941beeb706eddd7d49ae448f9b590d47f1390092bcc78a426e8390788fab4c42a9fabdae0e0391a1879b282af2ed2e4c8854b4db66002d9f61cbc6b5af7fa4ba90c0f12fba71d56952498a37a070b86d3687f4c87d32834cdb72c23f05371ef94da2126a7702daab04", 0xcd, 0x80, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
listen(r0, 0x0)
openat(r1, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x8)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800f4ff00000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0100000000000000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x2, 0x8}, 0x18) (async)
sendto$inet(r1, &(0x7f0000000080)="fe98ac4b88336370e4171d2b41dc5ba3876b9c7e6f8016dad9be3b0eb35d30f7f1c68550f4aa726ce5ca00bf2d1baae5688eec1da9d4519e71ef73ed8096a703862bdbb7aa414d9365c93bb23c033c2160f12bf0e0e607f70698e8f06ee8b485c53b9da1941beeb706eddd7d49ae448f9b590d47f1390092bcc78a426e8390788fab4c42a9fabdae0e0391a1879b282af2ed2e4c8854b4db66002d9f61cbc6b5af7fa4ba90c0f12fba71d56952498a37a070b86d3687f4c87d32834cdb72c23f05371ef94da2126a7702daab04", 0xcd, 0x80, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) (async)
listen(r0, 0x0) (async)
openat(r1, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x8) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800f4ff00000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0100000000000000"], 0x0) (async)

[  478.593850][T14071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x2, 0x8}, 0x18)
sendto$inet(r1, &(0x7f0000000080)="fe98ac4b88336370e4171d2b41dc5ba3876b9c7e6f8016dad9be3b0eb35d30f7f1c68550f4aa726ce5ca00bf2d1baae5688eec1da9d4519e71ef73ed8096a703862bdbb7aa414d9365c93bb23c033c2160f12bf0e0e607f70698e8f06ee8b485c53b9da1941beeb706eddd7d49ae448f9b590d47f1390092bcc78a426e8390788fab4c42a9fabdae0e0391a1879b282af2ed2e4c8854b4db66002d9f61cbc6b5af7fa4ba90c0f12fba71d56952498a37a070b86d3687f4c87d32834cdb72c23f05371ef94da2126a7702daab04", 0xcd, 0x80, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
listen(r0, 0x0) (async)
openat(r1, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x8) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800f4ff00000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0100000000000000"], 0x0) (rerun: 64)

[  478.758967][T14068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.216585][ T4780] device hsr_slave_0 left promiscuous mode
[  479.258460][ T4780] device hsr_slave_1 left promiscuous mode
[  479.331454][ T4780] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  479.385637][ T4780] batman_adv: batadv0: Removing interface: batadv_slave_0
[  479.433063][ T4780] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  479.465899][ T4780] batman_adv: batadv0: Removing interface: batadv_slave_1
[  479.519017][ T4780] device bridge_slave_1 left promiscuous mode
[  479.527066][ T4780] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.536632][ T4780] device bridge_slave_0 left promiscuous mode
[  479.543442][ T4780] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.557576][ T4780] device veth1_macvtap left promiscuous mode
[  479.563857][ T4780] device veth0_macvtap left promiscuous mode
[  479.570566][ T4780] device veth1_vlan left promiscuous mode
[  479.576569][ T4780] device veth0_vlan left promiscuous mode
[  479.865262][ T4780] team0 (unregistering): Port device team_slave_1 removed
[  479.881350][ T4780] team0 (unregistering): Port device team_slave_0 removed
[  479.897715][ T4780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  479.914546][ T4780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  479.977105][ T4780] bond0 (unregistering): Released all slaves
[  482.015625][   T46] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  482.025119][   T46] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  482.033623][   T46] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  482.042014][   T46] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  482.049889][   T46] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  482.057241][   T46] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  482.142200][T14088] chnl_net:caif_netlink_parms(): no params data found
[  482.183267][T14088] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.190629][T14088] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.198345][T14088] device bridge_slave_0 entered promiscuous mode
[  482.207244][T14088] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.214682][T14088] bridge0: port 2(bridge_slave_1) entered disabled state
[  482.222644][T14088] device bridge_slave_1 entered promiscuous mode
[  482.246331][T14088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  482.257215][T14088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  482.283655][T14088] team0: Port device team_slave_0 added
[  482.292134][T14088] team0: Port device team_slave_1 added
[  482.312654][T14088] batman_adv: batadv0: Adding interface: batadv_slave_0
[  482.319954][T14088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  482.345933][T14088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  482.362635][T14088] batman_adv: batadv0: Adding interface: batadv_slave_1
[  482.369859][T14088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  482.396028][T14088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  482.424957][T14088] device hsr_slave_0 entered promiscuous mode
[  482.431621][T14088] device hsr_slave_1 entered promiscuous mode
[  482.438167][T14088] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  482.448839][T14088] Cannot create hsr debugfs directory
[  482.516058][T14088] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.523176][T14088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  482.530572][T14088] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.537758][T14088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.583740][T14088] 8021q: adding VLAN 0 to HW filter on device bond0
[  482.598547][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  482.607026][ T3675] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.615765][ T3675] bridge0: port 2(bridge_slave_1) entered disabled state
[  482.624346][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  482.639689][T14088] 8021q: adding VLAN 0 to HW filter on device team0
[  482.651450][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  482.659886][ T3674] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.666926][ T3674] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.689947][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  482.698421][ T3675] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.705536][ T3675] bridge0: port 2(bridge_slave_1) entered forwarding state
[  482.714779][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  482.724900][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  482.740761][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  482.750011][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  482.761308][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  482.776541][T14088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  482.794267][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  482.802152][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  482.815006][T14088] 8021q: adding VLAN 0 to HW filter on device batadv0
[  482.833040][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  482.855200][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  482.865166][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  482.873301][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  482.883624][T14088] device veth0_vlan entered promiscuous mode
[  482.895805][T14088] device veth1_vlan entered promiscuous mode
[  482.914643][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  482.924814][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  482.933584][ T3675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  482.944389][T14088] device veth0_macvtap entered promiscuous mode
[  482.955787][T14088] device veth1_macvtap entered promiscuous mode
[  482.976125][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  482.987594][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.997735][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  483.008446][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.018421][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  483.029738][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.042140][T14088] batman_adv: batadv0: Interface activated: batadv_slave_0
[  483.051128][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  483.060747][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  483.075535][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  483.086540][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.097241][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  483.108081][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.119812][T14088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  483.131085][T14088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.147851][T14088] batman_adv: batadv0: Interface activated: batadv_slave_1
[  483.157828][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  483.226699][ T4780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.237654][ T4780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.257892][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  483.276375][  T936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.284553][  T936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.296263][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  483.349696][T14094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.365229][T14094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)

01:35:54 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
pipe2(&(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x4000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'})
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000))
listen(r0, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004488006400000000000690780a010102ac1414aa440c17537f0000010000000701442c9411ac14142800000000ac1e000100000009ac1414bb0000001f00000000000004007f0000010000000800000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c04000690a77800"], 0x0)

01:35:54 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:54 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:54 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  483.774311][T14106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
pipe2(&(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x4000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'})
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000))
listen(r0, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004488006400000000000690780a010102ac1414aa440c17537f0000010000000701442c9411ac14142800000000ac1e000100000009ac1414bb0000001f00000000000004007f0000010000000800000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c04000690a77800"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
pipe2(&(0x7f0000000100), 0x4000) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff) (async)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'}) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000)) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x72, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004488006400000000000690780a010102ac1414aa440c17537f0000010000000701442c9411ac14142800000000ac1e000100000009ac1414bb0000001f00000000000004007f0000010000000800000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c04000690a77800"], 0x0) (async)

[  483.935390][T14106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
pipe2(&(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x4000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'}) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000))
listen(r0, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004488006400000000000690780a010102ac1414aa440c17537f0000010000000701442c9411ac14142800000000ac1e000100000009ac1414bb0000001f00000000000004007f0000010000000800000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c04000690a77800"], 0x0)

[  484.078898][ T3684] Bluetooth: hci1: command 0x0409 tx timeout
01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000040)=0x7f, 0x4)
syz_emit_ethernet(0xaa, &(0x7f00000000c0)={@empty, @multicast, @void, {@llc={0x4, {@llc={0x8e, 0xf0, "fce1", "ff334292406663420eda423aed3c915dfb62c31978a68e960447aaaa214131aba9bf6ba8fa3bc719f40500684810a1ad7c210cbb159dd6b73a6de7b081052b0f40a6eed0a5112b4c0f3020ec111a9884cc41c66b02e43806522b734166306970ed9249231540128a7bd093b727bfdfa042880c8fc0485d3452db90615b0d45703df088450c6ff65cff20b0bedb780780f7eb07a7224c73ec"}}}}}, 0x0)

01:35:55 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)

01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000040)=0x7f, 0x4) (async)
syz_emit_ethernet(0xaa, &(0x7f00000000c0)={@empty, @multicast, @void, {@llc={0x4, {@llc={0x8e, 0xf0, "fce1", "ff334292406663420eda423aed3c915dfb62c31978a68e960447aaaa214131aba9bf6ba8fa3bc719f40500684810a1ad7c210cbb159dd6b73a6de7b081052b0f40a6eed0a5112b4c0f3020ec111a9884cc41c66b02e43806522b734166306970ed9249231540128a7bd093b727bfdfa042880c8fc0485d3452db90615b0d45703df088450c6ff65cff20b0bedb780780f7eb07a7224c73ec"}}}}}, 0x0)

[  484.405230][T14130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async, rerun: 32)
setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000040)=0x7f, 0x4) (rerun: 32)
syz_emit_ethernet(0xaa, &(0x7f00000000c0)={@empty, @multicast, @void, {@llc={0x4, {@llc={0x8e, 0xf0, "fce1", "ff334292406663420eda423aed3c915dfb62c31978a68e960447aaaa214131aba9bf6ba8fa3bc719f40500684810a1ad7c210cbb159dd6b73a6de7b081052b0f40a6eed0a5112b4c0f3020ec111a9884cc41c66b02e43806522b734166306970ed9249231540128a7bd093b727bfdfa042880c8fc0485d3452db90615b0d45703df088450c6ff65cff20b0bedb780780f7eb07a7224c73ec"}}}}}, 0x0)

01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080690780a010102ac1414aa00004e2200"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cee35ad29780000", @ANYRES64=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYRES16=r1, @ANYBLOB="f02627bc8e11a24a5ab59bec2e739a6dfc861d29e0d8f0047d5eae1a3230a7067d929b875a6e6b244cf7457c3dd3f0232dcd8380a36407ef69fd13ce7423646dbe81d84eaf4746447708600730d32053f3911ecde29314353c92c80c6aa2819fca509610b322149169c0e5a12d99dd5911a8873ec18057242d20e015ee156fbda10b3e1d8ef0ca2f3852f1b54c36a97084b7f78c55278b81e116d860cf3fe79529ba5e8dd4815864097d06fce522", @ANYRES64=r0], 0x0)

01:35:55 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:35:55 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:55 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:55 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:55 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)

01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080690780a010102ac1414aa00004e2200"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cee35ad29780000", @ANYRES64=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYRES16=r1, @ANYBLOB="f02627bc8e11a24a5ab59bec2e739a6dfc861d29e0d8f0047d5eae1a3230a7067d929b875a6e6b244cf7457c3dd3f0232dcd8380a36407ef69fd13ce7423646dbe81d84eaf4746447708600730d32053f3911ecde29314353c92c80c6aa2819fca509610b322149169c0e5a12d99dd5911a8873ec18057242d20e015ee156fbda10b3e1d8ef0ca2f3852f1b54c36a97084b7f78c55278b81e116d860cf3fe79529ba5e8dd4815864097d06fce522", @ANYRES64=r0], 0x0)

[  484.984732][T14148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080690780a010102ac1414aa00004e2200"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cee35ad29780000", @ANYRES64=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYRES16=r1, @ANYBLOB="f02627bc8e11a24a5ab59bec2e739a6dfc861d29e0d8f0047d5eae1a3230a7067d929b875a6e6b244cf7457c3dd3f0232dcd8380a36407ef69fd13ce7423646dbe81d84eaf4746447708600730d32053f3911ecde29314353c92c80c6aa2819fca509610b322149169c0e5a12d99dd5911a8873ec18057242d20e015ee156fbda10b3e1d8ef0ca2f3852f1b54c36a97084b7f78c55278b81e116d860cf3fe79529ba5e8dd4815864097d06fce522", @ANYRES64=r0], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff) (async)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080690780a010102ac1414aa00004e2200"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cee35ad29780000", @ANYRES64=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYRES16=r1, @ANYBLOB="f02627bc8e11a24a5ab59bec2e739a6dfc861d29e0d8f0047d5eae1a3230a7067d929b875a6e6b244cf7457c3dd3f0232dcd8380a36407ef69fd13ce7423646dbe81d84eaf4746447708600730d32053f3911ecde29314353c92c80c6aa2819fca509610b322149169c0e5a12d99dd5911a8873ec18057242d20e015ee156fbda10b3e1d8ef0ca2f3852f1b54c36a97084b7f78c55278b81e116d860cf3fe79529ba5e8dd4815864097d06fce522", @ANYRES64=r0], 0x0) (async)

[  485.050439][T14155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.160638][T14155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYBLOB="dab534e68c5d43ce9dbf219b3369c8209af81436e89fd053d917f7a16c2c1e4699bc8964488f110d6e74162fc8a76c2730ca643fd2e1fb03b3c716a5bc6442b07a8d84884f5b3044eb400a4cdd87f14803e2be05a2e897e18ef6d14f37e99798efb1073b2e94c3608e0c052e", @ANYBLOB="a9870000110000008f1ba5f33ddf4f11d542ac25a69f89492b6c65dc335fb9d44b115b927dae6750b358062e8bad8c8370bf3f5d2b08141fc04963dafb86c8ac753945c326ed0d176012f4d601858d853382640ba58310e2fdbf54f9adf7df4d3b42c60b5b03f63f949e86455ae147345a6b8c3d59397c3ce9ef10675b02a8bb91b159f1468cd6a6b0df213b35f278c081461685e49a29e96035dce985b5f7a9de6c5de2c5ce70bd50bf"], 0x0)
sendto$inet(r0, &(0x7f0000000200)="3657f0d944a124e99ab5b6f29d8bd34044eb9706c773464dcc13ba9c86a997fcb4902782d497f2a2d4982b49de89994825c6ce62bed78e26bf4df795f6f82b11862f34da3635505d771b4690cb4740dc116511561ba4f2630eac0b9f9a2b9ed3fce238014ad70858541bf23dc61a9d346ce4dfcc5a8bf351070403a58d2e6af21e977b28e137c9da298f226ba6ca61db9b8c97150f4a55429cfa9f1cf677abd4b5339e5e64d73c18de79f126bfe00cef2b443f5cf685b5abf037f53f", 0xbc, 0x40, &(0x7f00000002c0)={0x2, 0x4e22, @empty}, 0x10)
syz_emit_ethernet(0x87, &(0x7f0000000100)={@random="27beae0449e1", @link_local, @val={@val={0x9100, 0x5, 0x1, 0x4}, {0x8100, 0x7, 0x0, 0x2}}, {@x25={0x805, {0x1, 0x4, 0xb, "f26dd2118416a308e449cc4262a5a816bd534b79751bf037c51b1063730b644a1522c4d7b9c3dd436ddd9ea49714808561f18b94d726e4ded74667948ca352f8d21a6b2a975a93034de82058febb84ff92780e48d6f4a62875fb03fb853c54bb2ce2a86426fbc50a79f5e9cd795c"}}}}, &(0x7f00000001c0)={0x1, 0x1, [0xab1, 0x20a, 0x43f, 0xecb]})

01:35:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
listen(r0, 0x0) (rerun: 32)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYBLOB="dab534e68c5d43ce9dbf219b3369c8209af81436e89fd053d917f7a16c2c1e4699bc8964488f110d6e74162fc8a76c2730ca643fd2e1fb03b3c716a5bc6442b07a8d84884f5b3044eb400a4cdd87f14803e2be05a2e897e18ef6d14f37e99798efb1073b2e94c3608e0c052e", @ANYBLOB="a9870000110000008f1ba5f33ddf4f11d542ac25a69f89492b6c65dc335fb9d44b115b927dae6750b358062e8bad8c8370bf3f5d2b08141fc04963dafb86c8ac753945c326ed0d176012f4d601858d853382640ba58310e2fdbf54f9adf7df4d3b42c60b5b03f63f949e86455ae147345a6b8c3d59397c3ce9ef10675b02a8bb91b159f1468cd6a6b0df213b35f278c081461685e49a29e96035dce985b5f7a9de6c5de2c5ce70bd50bf"], 0x0) (async)
sendto$inet(r0, &(0x7f0000000200)="3657f0d944a124e99ab5b6f29d8bd34044eb9706c773464dcc13ba9c86a997fcb4902782d497f2a2d4982b49de89994825c6ce62bed78e26bf4df795f6f82b11862f34da3635505d771b4690cb4740dc116511561ba4f2630eac0b9f9a2b9ed3fce238014ad70858541bf23dc61a9d346ce4dfcc5a8bf351070403a58d2e6af21e977b28e137c9da298f226ba6ca61db9b8c97150f4a55429cfa9f1cf677abd4b5339e5e64d73c18de79f126bfe00cef2b443f5cf685b5abf037f53f", 0xbc, 0x40, &(0x7f00000002c0)={0x2, 0x4e22, @empty}, 0x10) (async, rerun: 64)
syz_emit_ethernet(0x87, &(0x7f0000000100)={@random="27beae0449e1", @link_local, @val={@val={0x9100, 0x5, 0x1, 0x4}, {0x8100, 0x7, 0x0, 0x2}}, {@x25={0x805, {0x1, 0x4, 0xb, "f26dd2118416a308e449cc4262a5a816bd534b79751bf037c51b1063730b644a1522c4d7b9c3dd436ddd9ea49714808561f18b94d726e4ded74667948ca352f8d21a6b2a975a93034de82058febb84ff92780e48d6f4a62875fb03fb853c54bb2ce2a86426fbc50a79f5e9cd795c"}}}}, &(0x7f00000001c0)={0x1, 0x1, [0xab1, 0x20a, 0x43f, 0xecb]}) (rerun: 64)

01:35:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x32)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

[  485.482210][T14168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
listen(r0, 0x0) (async, rerun: 32)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff) (async)
syz_emit_ethernet(0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYBLOB="dab534e68c5d43ce9dbf219b3369c8209af81436e89fd053d917f7a16c2c1e4699bc8964488f110d6e74162fc8a76c2730ca643fd2e1fb03b3c716a5bc6442b07a8d84884f5b3044eb400a4cdd87f14803e2be05a2e897e18ef6d14f37e99798efb1073b2e94c3608e0c052e", @ANYBLOB="a9870000110000008f1ba5f33ddf4f11d542ac25a69f89492b6c65dc335fb9d44b115b927dae6750b358062e8bad8c8370bf3f5d2b08141fc04963dafb86c8ac753945c326ed0d176012f4d601858d853382640ba58310e2fdbf54f9adf7df4d3b42c60b5b03f63f949e86455ae147345a6b8c3d59397c3ce9ef10675b02a8bb91b159f1468cd6a6b0df213b35f278c081461685e49a29e96035dce985b5f7a9de6c5de2c5ce70bd50bf"], 0x0) (async)
sendto$inet(r0, &(0x7f0000000200)="3657f0d944a124e99ab5b6f29d8bd34044eb9706c773464dcc13ba9c86a997fcb4902782d497f2a2d4982b49de89994825c6ce62bed78e26bf4df795f6f82b11862f34da3635505d771b4690cb4740dc116511561ba4f2630eac0b9f9a2b9ed3fce238014ad70858541bf23dc61a9d346ce4dfcc5a8bf351070403a58d2e6af21e977b28e137c9da298f226ba6ca61db9b8c97150f4a55429cfa9f1cf677abd4b5339e5e64d73c18de79f126bfe00cef2b443f5cf685b5abf037f53f", 0xbc, 0x40, &(0x7f00000002c0)={0x2, 0x4e22, @empty}, 0x10) (async)
syz_emit_ethernet(0x87, &(0x7f0000000100)={@random="27beae0449e1", @link_local, @val={@val={0x9100, 0x5, 0x1, 0x4}, {0x8100, 0x7, 0x0, 0x2}}, {@x25={0x805, {0x1, 0x4, 0xb, "f26dd2118416a308e449cc4262a5a816bd534b79751bf037c51b1063730b644a1522c4d7b9c3dd436ddd9ea49714808561f18b94d726e4ded74667948ca352f8d21a6b2a975a93034de82058febb84ff92780e48d6f4a62875fb03fb853c54bb2ce2a86426fbc50a79f5e9cd795c"}}}}, &(0x7f00000001c0)={0x1, 0x1, [0xab1, 0x20a, 0x43f, 0xecb]})

[  485.627490][T14174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.732716][T14174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:56 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:56 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:56 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="65dd4000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fbdbdf25080000000800090000000000080011000100000014002000fc0100000000000000000000000000000c001600000000000000000008001900ac1414aa05000600060000000600020001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x70}, 0x20000000)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendmsg$inet(r0, &(0x7f0000000d80)={&(0x7f00000005c0)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000001480)="22e50c6929263c4954e7b9ce5b00e391ed980f36cc85393d04f4e98ff1deab5dcab991ecfdb13ddb54aa0015eb480ab24f5f5c1964c4336fa8b21277ff46ec8a6e42483d079f5ff8d26648f110dfbfdba804e9826f83013c81d537b51c0a221fa93fe4c9cad2739885c7b562bbb5de7a4f86c7ee4b8a51f26f71c0aa4fb4f330730a142b16649a71f4291fb6f9ab7f7a589061946e79b4f31510cdfd88998a769d3fd2122fbe26ab7d93a4cbc9ea3b574f8626b5cef5882abfd2a78a17ce9de7e3eec482c4b8f93c8e693f2d6c69ba2efba39d5312f79e5137179fdb78b31b3f", 0xe0}], 0x1, &(0x7f0000000640)=[@ip_retopts={{0x20, 0x0, 0x7, {[@noop, @ssrr={0x89, 0x7, 0x34, [@loopback]}, @rr={0x7, 0x7, 0x6a, [@multicast1]}]}}}], 0x20}, 0x40000)
utimensat(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x3c, r3, 0xe17, 0x0, 0x0, {0x1, 0x0, 0x6074}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_SPORT={0x6}]}, 0x3c}}, 0x0)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000002cc0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000a80)={0x54, r3, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_LNS_MODE={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x5}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x6d76f49b0c1b1f57}, 0x8000)
listen(r0, 0x0)
sendmmsg(r0, &(0x7f0000001340)=[{{&(0x7f00000002c0)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000013c0)="4524373ce8b786de9b6c8a6d6465964eea6ee81295dbf6da563505000000bd7bb0fec128e0872aef88fa360c33d01d8f7981c2226ecb36e96c4166228a25cc845fbd6b9f2b43878d5bd4b17b5d1ce9ddd6538720c4eed222f034a81c33039874e6d43db0ea07114c463542756a8298d2e4d9c0b6e4d82a54336b8c0e546db12f2cf8338d19417aff2bb15aa521aeb4117fd1d1ec", 0x94}, {&(0x7f0000000680)="87e3d157a802b53d4ca76cdbaa7d7654bab29324f42a6a747dd1bf99026fbcc166e9b017f83e94183c4ace1f5a3f83c02735029d212eb25a13e5a05f491acc7f6ab811d8ec12a26250958996bb20320af65ba60eb2775b6a097014f201d4e366452699e679b50ec2e6de4eff03b38d85b60dad74ab486e50687246c99aa6a5eea2e2fcc6e568196c0ad9ae4faf1ee163a6b35fc41c98a0b3c4cd8cdae78c323b725eba", 0xa3}, {&(0x7f0000000340)="83d5bc34", 0x4}, {&(0x7f0000000740)="4a8410ec1cf8229b609558265021fe6cf77dfe160567be96c8c6e9b7a8231cb84d4ab8a612ef939b743e06f58fd4142a4147727651e5b2811048fc2394daddc82c07297c4cf19b856342d63fce38dd9cf65bf0bcde46542733cf401d579548e1372ba1d44d4100b758dfba83938707acd132249a4a21c178f738eebf32827551d3fb694e3ecf4afeece00e9e14d53776c3a5d4142f0e2e80a1e861774b89b8016cd46553a1fa66de700297af9d78b836dbad70c794b65355687b6d6d8f3c11b4f57979b313f181", 0xc7}, {&(0x7f0000000840)="d337b261a15c2907061023fcc1fd1431c6eec388a064c7314469bde77653e1e4701f88bcda2e8ef05d583f038165979b7685e745229f53fb5e2899a15301fab7e0f578c73f6f150261d1c5f11fd679708c43ca18a14b93e00a433a3ca4a64d4fa585243391811de499a215fb0129766a195d2ac1baf683fec32275130e93083b38841dd4e610981808a2fe0f130a50992b4380345b68c1c2df507949e580441cac1771deb50ccf0a4e9209f65d33bbf154a158d037f2b3e37f6bd08c962bfa8f0ad298f3385a29fd509dbacbde9f6c9d10", 0xd1}, {&(0x7f0000000940)="6351b73ea5ffc68ab4502f55fae0481c75b2fa105b4925f8a36894ae4f3f1b792236ac2f68235bb9aa7dc0ddf83f2d293f8071b6df62632beabf039c0e1d05d1bbe1dfea2f3b12c1", 0x48}], 0x6, &(0x7f0000002b80)=ANY=[@ANYBLOB="b0000000000000001101000001000000fc7b95d389f5443505a8ff77fb6099e7b9ff4db5f8c101a5e69ad946f782ba3084c2802aef9da5e5f31f90cbf2fc9bb86f7e399d6744cad8ff8a94b348f18282ec4001220cc0ba5a7e33f9b91bad808b4c02d9189acabe7121dc73ca1217ddf76d1326933094a936b29b20ab749fa8c07c647ea152e6bfd9e5b738e0ae462ed4553a8e97035787b061819d92d272c1e6e3766cfb000000000000000000000000726c857435f70b382ff1655cb140ccbc3d02e102ad1d03b4441fe75de9e408ebf87d027505588c6634b65638f1bacb4d26d5972ac35b59c0698bc2bfb300f49196f4bf7bb6d308759ad0c25b14023d8f453d8e0572165d74aef407f7"], 0xb0}}, {{&(0x7f0000000b00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @private=0xa010101}}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000b80)="74e459ada7fa83451bb2e71f6f73517691feadde9ce5a98a25b0fc484e32e2c62325f469d1cab3441c32a2b6ae9c2bc1a27a127cdb051e32ae29d7a0123a23f33c487f87b4ff5f494141bfd811e7913547243e8f97993ef7e174448c8df3d27d615552a8d1617b6f52a31e742e6f3423ab8e3c", 0x73}, {&(0x7f0000000c00)="437643eeaec171dc9754c1ecf5fa03abdc6c4037b1990ab99c872bf87a7936eb40d4b75404f030dae23a0ea1719fc0d9ca50833faf3641af172b0ca4fb3286e70ad21702ae112baf88345296a933f67afba4baf625e42cec8b9506ca3433f00314225bde2efdebb4f888cb0fb4", 0x6d}, {&(0x7f0000002b40)="c65c83c7083d8b1f11a430627e77fe48cfe45f1616e2ac7bd16b938554aff7f577aba35fa0db0c865d12", 0x2a}, {&(0x7f0000000cc0)="1c8cf774cd2b9bf704cc87e4302b9ecdb72d2fee9fe8596ced9df08ab3fe16d9d7e83d9a40da482c32c080351efafca310cc78bfe9104d9575b04dd16b568effbd2cb3c5e9fd927115d2f130adabfa1f4eeae0be379b4a08f3dbcc0f4b9f98028210f4bc341ad063fc6c6d9d5e622cfff3505ed16f6102f14bcf8fe1690fa2ccdf2a3ebe9d8a2fe721deb648bf5ae62ac0163266d6a740494826368302b109020a8779d818", 0xa5}, {&(0x7f0000002a80)="eae3c4986b25f14035c8a287a104356985aaea7a7420089fe4aab776a4ca1bc7d64df925126ebb1e273b1e686e6fe71203ac7fe787221474c57c2fac50af4555dfb0c09b4ed6af081b8ebfd4f4a8df0d9bde9a31817defbeced511de26a2561edfca9a0554ef1729690bfb717839c96372fd8827ef4483133cea4fe2525d935f39d436decb3eb9273849ff98ad", 0x8d}, {&(0x7f0000000dc0)="4af0720426b5620ba98bfd07a054f61ece18ff459344eb66f93541223befbd2b761f484ebcb7b6dd", 0x28}, {&(0x7f0000000e00)="689ee8576ae86c6b7b7235733c2c9f741d91326c7209164d788b3de8202543af722df4d9198ff7ffc31afde6aa91985717ff499c88ebdcb422c465f572afacaed9e225d9", 0x44}], 0x7, &(0x7f0000000f00)=ANY=[@ANYBLOB="e00000000000000015010000faffffff2dd48066f7ae7751ff31ba8e1c4e81bd23e5602daad95f5ef78a6808153a522fd8528ec1464faf3ba7b7b0f9e09be5b1e1882468c2ac58d9bc34936be3e797935726be9333709402d34dc338d966bc861199982f3fd874a8dbf86e917f9838a30386f3821eb18f2980df8a8800df4a08f8086feb90e49875c15a542a484aecccd63cf8b3e55804b1d36c02e92bbb25f02f210f4bf67fae742223a681ed79acc812308e729005f44096f0c8d2396df3bb45a859b3a118c2c8f3a2f6b1fb694859cfc23aa4f60ddc1b320e3d000000000028000000000000000000000008000000bb48aa1125f3f33d455d8458a4614ee18ea8f71178e2000068000000000000000501000053060000b46909940b8bdcd7cddad2ab8d817b16e67f2eeb34533af7574de525975a2dee4f48019eee336463699fb6cbc0302d0f56ec0114ab75da2d3c5fb0a19024f5cbc89f2c7e247c93e97e686c549360791006eb223353000000f8000000000000003a0000000b40147403132293ee4692ceb62a3c7c847454b858a2cd2ead5351575ed8adb14c5634a4748692505fdaea381d978b03e75fa2188bc59253dfa7a34c44537d5a87c2c7293703fb1f215d9dbe6ead227fa2c581f415e2f06bf797a112f78233d2d46bd4ae665d6954149afcf1190d874283de2609cc593cb3917f05463d56ff10e7a2ace756932be0d62efa2c74101ae2fe0c1dcf7ef144e6b17a76727a4d2721ede27771178f6dca6bba57ab47663f64a00c92ae1ed9732ac42e38c23e1609f4b08923acce6051e46c64c957fc720fe56bd6706e444d6060593d832eaeca844b2bf5007d9a6bc37523cac400f0000000000000000a010000000000002cfd5eb8c3a02adf1bd30fcf78949cae650d08815ab0ada820099b499da59f045194dfb7d4a7bf78908a9a730edd5cce92f4fd0700e2129eae88e85904072d85106b4431e7fe52fac9ef64bf1bf20dfc725d26aa05663780b5e77f2ed48500029ebf8130baf5cdfe4622ca5a9b341274ae1b936f7d8b2431a9115c53b3f55daf45a7714d1d0ae882fda6fd04dd32505117450889ce78b92b955ab1e353a5951211b81c0ff83e4522f4bf8f0521b29fbcf79d0cf8e209e9037f4268b8ddab4aab8482291014130b4d5f280757430344a98822ccf98769dcb84c00000000000000600000000000000015010000ffffffffe8676db8bbb9f790c963ab8aabe4b9fd9fd1103d737b5ca3d74ec92ae8bfa159f1e23b343f079dc5cacf5a6408d42b93954cb76197d83d4ea67fd0019f055fcf3fd644024df7eb919f438d37b6f8000070000000000000000d0100000700000010f107446d223967b084a2c2a454b0f930855101a355c39a5453e65b43ff6aaa3e256039c6e356f1b6d8c9caff536a3fbb89132531aec8c388abf73ac3a73fae548cb542ddc9e7c0d5e9fcde5b5db3875869e34196064c3756287f0d008e5ca7"], 0x428}}], 0x2, 0x20000090)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000015c0)={<r4=>r0, 0x2, 0x5, 0xffffffffffffffff})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000001680)={<r5=>0x0, 0x80, 0x2})
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000001a80)={{r4}, r1, 0x12, @inherit={0x60, &(0x7f0000002d00)=ANY=[@ANYBLOB="01ff000000000000030000000000000001040000000000000004000000000000080000000000000080000000000000006b87000000000000ffff000000040000000b0000000000000400000000010000000000000004000000000000009d2bc778"]}, @devid=r5})
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08005f00002800000000000690780a010102ac1414aa00004e22d7332e74d687997c22bd7abfbb133672faccc15363482d560c0e20855952d7eb259ad3bc7730321a29f02a8c020434bf3152df1997bde7991566d43ed618d8f5522b24dfb0756156b9ee069942cf893e1efae7faabbf26347d96eb4e512b71022636fe30ec9bd522ba72587c5a24d22658c8b855b7a2ae2b31b583fa12e224b07dfe0f64745633860ad8cdf235a4b5a750e1b5e20992f6dba24d9144060e903d5140ce", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000001580)={0x1, 'veth1_to_team\x00'})
shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffd000/0x2000)=nil)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000240)={[0x80000001]}, 0x8, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x400080}, 0xc)

[  485.938525][T14183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x32)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:35:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="65dd4000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fbdbdf25080000000800090000000000080011000100000014002000fc0100000000000000000000000000000c001600000000000000000008001900ac1414aa05000600060000000600020001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x70}, 0x20000000)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendmsg$inet(r0, &(0x7f0000000d80)={&(0x7f00000005c0)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000001480)="22e50c6929263c4954e7b9ce5b00e391ed980f36cc85393d04f4e98ff1deab5dcab991ecfdb13ddb54aa0015eb480ab24f5f5c1964c4336fa8b21277ff46ec8a6e42483d079f5ff8d26648f110dfbfdba804e9826f83013c81d537b51c0a221fa93fe4c9cad2739885c7b562bbb5de7a4f86c7ee4b8a51f26f71c0aa4fb4f330730a142b16649a71f4291fb6f9ab7f7a589061946e79b4f31510cdfd88998a769d3fd2122fbe26ab7d93a4cbc9ea3b574f8626b5cef5882abfd2a78a17ce9de7e3eec482c4b8f93c8e693f2d6c69ba2efba39d5312f79e5137179fdb78b31b3f", 0xe0}], 0x1, &(0x7f0000000640)=[@ip_retopts={{0x20, 0x0, 0x7, {[@noop, @ssrr={0x89, 0x7, 0x34, [@loopback]}, @rr={0x7, 0x7, 0x6a, [@multicast1]}]}}}], 0x20}, 0x40000) (async)
utimensat(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x3c, r3, 0xe17, 0x0, 0x0, {0x1, 0x0, 0x6074}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_SPORT={0x6}]}, 0x3c}}, 0x0) (async)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000002cc0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000a80)={0x54, r3, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_LNS_MODE={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x5}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x6d76f49b0c1b1f57}, 0x8000) (async)
listen(r0, 0x0) (async)
sendmmsg(r0, &(0x7f0000001340)=[{{&(0x7f00000002c0)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000013c0)="4524373ce8b786de9b6c8a6d6465964eea6ee81295dbf6da563505000000bd7bb0fec128e0872aef88fa360c33d01d8f7981c2226ecb36e96c4166228a25cc845fbd6b9f2b43878d5bd4b17b5d1ce9ddd6538720c4eed222f034a81c33039874e6d43db0ea07114c463542756a8298d2e4d9c0b6e4d82a54336b8c0e546db12f2cf8338d19417aff2bb15aa521aeb4117fd1d1ec", 0x94}, {&(0x7f0000000680)="87e3d157a802b53d4ca76cdbaa7d7654bab29324f42a6a747dd1bf99026fbcc166e9b017f83e94183c4ace1f5a3f83c02735029d212eb25a13e5a05f491acc7f6ab811d8ec12a26250958996bb20320af65ba60eb2775b6a097014f201d4e366452699e679b50ec2e6de4eff03b38d85b60dad74ab486e50687246c99aa6a5eea2e2fcc6e568196c0ad9ae4faf1ee163a6b35fc41c98a0b3c4cd8cdae78c323b725eba", 0xa3}, {&(0x7f0000000340)="83d5bc34", 0x4}, {&(0x7f0000000740)="4a8410ec1cf8229b609558265021fe6cf77dfe160567be96c8c6e9b7a8231cb84d4ab8a612ef939b743e06f58fd4142a4147727651e5b2811048fc2394daddc82c07297c4cf19b856342d63fce38dd9cf65bf0bcde46542733cf401d579548e1372ba1d44d4100b758dfba83938707acd132249a4a21c178f738eebf32827551d3fb694e3ecf4afeece00e9e14d53776c3a5d4142f0e2e80a1e861774b89b8016cd46553a1fa66de700297af9d78b836dbad70c794b65355687b6d6d8f3c11b4f57979b313f181", 0xc7}, {&(0x7f0000000840)="d337b261a15c2907061023fcc1fd1431c6eec388a064c7314469bde77653e1e4701f88bcda2e8ef05d583f038165979b7685e745229f53fb5e2899a15301fab7e0f578c73f6f150261d1c5f11fd679708c43ca18a14b93e00a433a3ca4a64d4fa585243391811de499a215fb0129766a195d2ac1baf683fec32275130e93083b38841dd4e610981808a2fe0f130a50992b4380345b68c1c2df507949e580441cac1771deb50ccf0a4e9209f65d33bbf154a158d037f2b3e37f6bd08c962bfa8f0ad298f3385a29fd509dbacbde9f6c9d10", 0xd1}, {&(0x7f0000000940)="6351b73ea5ffc68ab4502f55fae0481c75b2fa105b4925f8a36894ae4f3f1b792236ac2f68235bb9aa7dc0ddf83f2d293f8071b6df62632beabf039c0e1d05d1bbe1dfea2f3b12c1", 0x48}], 0x6, &(0x7f0000002b80)=ANY=[@ANYBLOB="b0000000000000001101000001000000fc7b95d389f5443505a8ff77fb6099e7b9ff4db5f8c101a5e69ad946f782ba3084c2802aef9da5e5f31f90cbf2fc9bb86f7e399d6744cad8ff8a94b348f18282ec4001220cc0ba5a7e33f9b91bad808b4c02d9189acabe7121dc73ca1217ddf76d1326933094a936b29b20ab749fa8c07c647ea152e6bfd9e5b738e0ae462ed4553a8e97035787b061819d92d272c1e6e3766cfb000000000000000000000000726c857435f70b382ff1655cb140ccbc3d02e102ad1d03b4441fe75de9e408ebf87d027505588c6634b65638f1bacb4d26d5972ac35b59c0698bc2bfb300f49196f4bf7bb6d308759ad0c25b14023d8f453d8e0572165d74aef407f7"], 0xb0}}, {{&(0x7f0000000b00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @private=0xa010101}}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000b80)="74e459ada7fa83451bb2e71f6f73517691feadde9ce5a98a25b0fc484e32e2c62325f469d1cab3441c32a2b6ae9c2bc1a27a127cdb051e32ae29d7a0123a23f33c487f87b4ff5f494141bfd811e7913547243e8f97993ef7e174448c8df3d27d615552a8d1617b6f52a31e742e6f3423ab8e3c", 0x73}, {&(0x7f0000000c00)="437643eeaec171dc9754c1ecf5fa03abdc6c4037b1990ab99c872bf87a7936eb40d4b75404f030dae23a0ea1719fc0d9ca50833faf3641af172b0ca4fb3286e70ad21702ae112baf88345296a933f67afba4baf625e42cec8b9506ca3433f00314225bde2efdebb4f888cb0fb4", 0x6d}, {&(0x7f0000002b40)="c65c83c7083d8b1f11a430627e77fe48cfe45f1616e2ac7bd16b938554aff7f577aba35fa0db0c865d12", 0x2a}, {&(0x7f0000000cc0)="1c8cf774cd2b9bf704cc87e4302b9ecdb72d2fee9fe8596ced9df08ab3fe16d9d7e83d9a40da482c32c080351efafca310cc78bfe9104d9575b04dd16b568effbd2cb3c5e9fd927115d2f130adabfa1f4eeae0be379b4a08f3dbcc0f4b9f98028210f4bc341ad063fc6c6d9d5e622cfff3505ed16f6102f14bcf8fe1690fa2ccdf2a3ebe9d8a2fe721deb648bf5ae62ac0163266d6a740494826368302b109020a8779d818", 0xa5}, {&(0x7f0000002a80)="eae3c4986b25f14035c8a287a104356985aaea7a7420089fe4aab776a4ca1bc7d64df925126ebb1e273b1e686e6fe71203ac7fe787221474c57c2fac50af4555dfb0c09b4ed6af081b8ebfd4f4a8df0d9bde9a31817defbeced511de26a2561edfca9a0554ef1729690bfb717839c96372fd8827ef4483133cea4fe2525d935f39d436decb3eb9273849ff98ad", 0x8d}, {&(0x7f0000000dc0)="4af0720426b5620ba98bfd07a054f61ece18ff459344eb66f93541223befbd2b761f484ebcb7b6dd", 0x28}, {&(0x7f0000000e00)="689ee8576ae86c6b7b7235733c2c9f741d91326c7209164d788b3de8202543af722df4d9198ff7ffc31afde6aa91985717ff499c88ebdcb422c465f572afacaed9e225d9", 0x44}], 0x7, &(0x7f0000000f00)=ANY=[@ANYBLOB="e00000000000000015010000faffffff2dd48066f7ae7751ff31ba8e1c4e81bd23e5602daad95f5ef78a6808153a522fd8528ec1464faf3ba7b7b0f9e09be5b1e1882468c2ac58d9bc34936be3e797935726be9333709402d34dc338d966bc861199982f3fd874a8dbf86e917f9838a30386f3821eb18f2980df8a8800df4a08f8086feb90e49875c15a542a484aecccd63cf8b3e55804b1d36c02e92bbb25f02f210f4bf67fae742223a681ed79acc812308e729005f44096f0c8d2396df3bb45a859b3a118c2c8f3a2f6b1fb694859cfc23aa4f60ddc1b320e3d000000000028000000000000000000000008000000bb48aa1125f3f33d455d8458a4614ee18ea8f71178e2000068000000000000000501000053060000b46909940b8bdcd7cddad2ab8d817b16e67f2eeb34533af7574de525975a2dee4f48019eee336463699fb6cbc0302d0f56ec0114ab75da2d3c5fb0a19024f5cbc89f2c7e247c93e97e686c549360791006eb223353000000f8000000000000003a0000000b40147403132293ee4692ceb62a3c7c847454b858a2cd2ead5351575ed8adb14c5634a4748692505fdaea381d978b03e75fa2188bc59253dfa7a34c44537d5a87c2c7293703fb1f215d9dbe6ead227fa2c581f415e2f06bf797a112f78233d2d46bd4ae665d6954149afcf1190d874283de2609cc593cb3917f05463d56ff10e7a2ace756932be0d62efa2c74101ae2fe0c1dcf7ef144e6b17a76727a4d2721ede27771178f6dca6bba57ab47663f64a00c92ae1ed9732ac42e38c23e1609f4b08923acce6051e46c64c957fc720fe56bd6706e444d6060593d832eaeca844b2bf5007d9a6bc37523cac400f0000000000000000a010000000000002cfd5eb8c3a02adf1bd30fcf78949cae650d08815ab0ada820099b499da59f045194dfb7d4a7bf78908a9a730edd5cce92f4fd0700e2129eae88e85904072d85106b4431e7fe52fac9ef64bf1bf20dfc725d26aa05663780b5e77f2ed48500029ebf8130baf5cdfe4622ca5a9b341274ae1b936f7d8b2431a9115c53b3f55daf45a7714d1d0ae882fda6fd04dd32505117450889ce78b92b955ab1e353a5951211b81c0ff83e4522f4bf8f0521b29fbcf79d0cf8e209e9037f4268b8ddab4aab8482291014130b4d5f280757430344a98822ccf98769dcb84c00000000000000600000000000000015010000ffffffffe8676db8bbb9f790c963ab8aabe4b9fd9fd1103d737b5ca3d74ec92ae8bfa159f1e23b343f079dc5cacf5a6408d42b93954cb76197d83d4ea67fd0019f055fcf3fd644024df7eb919f438d37b6f8000070000000000000000d0100000700000010f107446d223967b084a2c2a454b0f930855101a355c39a5453e65b43ff6aaa3e256039c6e356f1b6d8c9caff536a3fbb89132531aec8c388abf73ac3a73fae548cb542ddc9e7c0d5e9fcde5b5db3875869e34196064c3756287f0d008e5ca7"], 0x428}}], 0x2, 0x20000090) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000015c0)={<r4=>r0, 0x2, 0x5, 0xffffffffffffffff})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000001680)={<r5=>0x0, 0x80, 0x2})
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000001a80)={{r4}, r1, 0x12, @inherit={0x60, &(0x7f0000002d00)=ANY=[@ANYBLOB="01ff000000000000030000000000000001040000000000000004000000000000080000000000000080000000000000006b87000000000000ffff000000040000000b0000000000000400000000010000000000000004000000000000009d2bc778"]}, @devid=r5}) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08005f00002800000000000690780a010102ac1414aa00004e22d7332e74d687997c22bd7abfbb133672faccc15363482d560c0e20855952d7eb259ad3bc7730321a29f02a8c020434bf3152df1997bde7991566d43ed618d8f5522b24dfb0756156b9ee069942cf893e1efae7faabbf26347d96eb4e512b71022636fe30ec9bd522ba72587c5a24d22658c8b855b7a2ae2b31b583fa12e224b07dfe0f64745633860ad8cdf235a4b5a750e1b5e20992f6dba24d9144060e903d5140ce", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000001580)={0x1, 'veth1_to_team\x00'})
shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffd000/0x2000)=nil) (async)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000240)={[0x80000001]}, 0x8, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x400080}, 0xc)

01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="65dd4000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fbdbdf25080000000800090000000000080011000100000014002000fc0100000000000000000000000000000c001600000000000000000008001900ac1414aa05000600060000000600020001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x70}, 0x20000000) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendmsg$inet(r0, &(0x7f0000000d80)={&(0x7f00000005c0)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000001480)="22e50c6929263c4954e7b9ce5b00e391ed980f36cc85393d04f4e98ff1deab5dcab991ecfdb13ddb54aa0015eb480ab24f5f5c1964c4336fa8b21277ff46ec8a6e42483d079f5ff8d26648f110dfbfdba804e9826f83013c81d537b51c0a221fa93fe4c9cad2739885c7b562bbb5de7a4f86c7ee4b8a51f26f71c0aa4fb4f330730a142b16649a71f4291fb6f9ab7f7a589061946e79b4f31510cdfd88998a769d3fd2122fbe26ab7d93a4cbc9ea3b574f8626b5cef5882abfd2a78a17ce9de7e3eec482c4b8f93c8e693f2d6c69ba2efba39d5312f79e5137179fdb78b31b3f", 0xe0}], 0x1, &(0x7f0000000640)=[@ip_retopts={{0x20, 0x0, 0x7, {[@noop, @ssrr={0x89, 0x7, 0x34, [@loopback]}, @rr={0x7, 0x7, 0x6a, [@multicast1]}]}}}], 0x20}, 0x40000) (async)
utimensat(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x3c, r3, 0xe17, 0x0, 0x0, {0x1, 0x0, 0x6074}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_SPORT={0x6}]}, 0x3c}}, 0x0)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000002cc0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000a80)={0x54, r3, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_LNS_MODE={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x5}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x6d76f49b0c1b1f57}, 0x8000) (async)
listen(r0, 0x0) (async)
sendmmsg(r0, &(0x7f0000001340)=[{{&(0x7f00000002c0)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000013c0)="4524373ce8b786de9b6c8a6d6465964eea6ee81295dbf6da563505000000bd7bb0fec128e0872aef88fa360c33d01d8f7981c2226ecb36e96c4166228a25cc845fbd6b9f2b43878d5bd4b17b5d1ce9ddd6538720c4eed222f034a81c33039874e6d43db0ea07114c463542756a8298d2e4d9c0b6e4d82a54336b8c0e546db12f2cf8338d19417aff2bb15aa521aeb4117fd1d1ec", 0x94}, {&(0x7f0000000680)="87e3d157a802b53d4ca76cdbaa7d7654bab29324f42a6a747dd1bf99026fbcc166e9b017f83e94183c4ace1f5a3f83c02735029d212eb25a13e5a05f491acc7f6ab811d8ec12a26250958996bb20320af65ba60eb2775b6a097014f201d4e366452699e679b50ec2e6de4eff03b38d85b60dad74ab486e50687246c99aa6a5eea2e2fcc6e568196c0ad9ae4faf1ee163a6b35fc41c98a0b3c4cd8cdae78c323b725eba", 0xa3}, {&(0x7f0000000340)="83d5bc34", 0x4}, {&(0x7f0000000740)="4a8410ec1cf8229b609558265021fe6cf77dfe160567be96c8c6e9b7a8231cb84d4ab8a612ef939b743e06f58fd4142a4147727651e5b2811048fc2394daddc82c07297c4cf19b856342d63fce38dd9cf65bf0bcde46542733cf401d579548e1372ba1d44d4100b758dfba83938707acd132249a4a21c178f738eebf32827551d3fb694e3ecf4afeece00e9e14d53776c3a5d4142f0e2e80a1e861774b89b8016cd46553a1fa66de700297af9d78b836dbad70c794b65355687b6d6d8f3c11b4f57979b313f181", 0xc7}, {&(0x7f0000000840)="d337b261a15c2907061023fcc1fd1431c6eec388a064c7314469bde77653e1e4701f88bcda2e8ef05d583f038165979b7685e745229f53fb5e2899a15301fab7e0f578c73f6f150261d1c5f11fd679708c43ca18a14b93e00a433a3ca4a64d4fa585243391811de499a215fb0129766a195d2ac1baf683fec32275130e93083b38841dd4e610981808a2fe0f130a50992b4380345b68c1c2df507949e580441cac1771deb50ccf0a4e9209f65d33bbf154a158d037f2b3e37f6bd08c962bfa8f0ad298f3385a29fd509dbacbde9f6c9d10", 0xd1}, {&(0x7f0000000940)="6351b73ea5ffc68ab4502f55fae0481c75b2fa105b4925f8a36894ae4f3f1b792236ac2f68235bb9aa7dc0ddf83f2d293f8071b6df62632beabf039c0e1d05d1bbe1dfea2f3b12c1", 0x48}], 0x6, &(0x7f0000002b80)=ANY=[@ANYBLOB="b0000000000000001101000001000000fc7b95d389f5443505a8ff77fb6099e7b9ff4db5f8c101a5e69ad946f782ba3084c2802aef9da5e5f31f90cbf2fc9bb86f7e399d6744cad8ff8a94b348f18282ec4001220cc0ba5a7e33f9b91bad808b4c02d9189acabe7121dc73ca1217ddf76d1326933094a936b29b20ab749fa8c07c647ea152e6bfd9e5b738e0ae462ed4553a8e97035787b061819d92d272c1e6e3766cfb000000000000000000000000726c857435f70b382ff1655cb140ccbc3d02e102ad1d03b4441fe75de9e408ebf87d027505588c6634b65638f1bacb4d26d5972ac35b59c0698bc2bfb300f49196f4bf7bb6d308759ad0c25b14023d8f453d8e0572165d74aef407f7"], 0xb0}}, {{&(0x7f0000000b00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @private=0xa010101}}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000b80)="74e459ada7fa83451bb2e71f6f73517691feadde9ce5a98a25b0fc484e32e2c62325f469d1cab3441c32a2b6ae9c2bc1a27a127cdb051e32ae29d7a0123a23f33c487f87b4ff5f494141bfd811e7913547243e8f97993ef7e174448c8df3d27d615552a8d1617b6f52a31e742e6f3423ab8e3c", 0x73}, {&(0x7f0000000c00)="437643eeaec171dc9754c1ecf5fa03abdc6c4037b1990ab99c872bf87a7936eb40d4b75404f030dae23a0ea1719fc0d9ca50833faf3641af172b0ca4fb3286e70ad21702ae112baf88345296a933f67afba4baf625e42cec8b9506ca3433f00314225bde2efdebb4f888cb0fb4", 0x6d}, {&(0x7f0000002b40)="c65c83c7083d8b1f11a430627e77fe48cfe45f1616e2ac7bd16b938554aff7f577aba35fa0db0c865d12", 0x2a}, {&(0x7f0000000cc0)="1c8cf774cd2b9bf704cc87e4302b9ecdb72d2fee9fe8596ced9df08ab3fe16d9d7e83d9a40da482c32c080351efafca310cc78bfe9104d9575b04dd16b568effbd2cb3c5e9fd927115d2f130adabfa1f4eeae0be379b4a08f3dbcc0f4b9f98028210f4bc341ad063fc6c6d9d5e622cfff3505ed16f6102f14bcf8fe1690fa2ccdf2a3ebe9d8a2fe721deb648bf5ae62ac0163266d6a740494826368302b109020a8779d818", 0xa5}, {&(0x7f0000002a80)="eae3c4986b25f14035c8a287a104356985aaea7a7420089fe4aab776a4ca1bc7d64df925126ebb1e273b1e686e6fe71203ac7fe787221474c57c2fac50af4555dfb0c09b4ed6af081b8ebfd4f4a8df0d9bde9a31817defbeced511de26a2561edfca9a0554ef1729690bfb717839c96372fd8827ef4483133cea4fe2525d935f39d436decb3eb9273849ff98ad", 0x8d}, {&(0x7f0000000dc0)="4af0720426b5620ba98bfd07a054f61ece18ff459344eb66f93541223befbd2b761f484ebcb7b6dd", 0x28}, {&(0x7f0000000e00)="689ee8576ae86c6b7b7235733c2c9f741d91326c7209164d788b3de8202543af722df4d9198ff7ffc31afde6aa91985717ff499c88ebdcb422c465f572afacaed9e225d9", 0x44}], 0x7, &(0x7f0000000f00)=ANY=[@ANYBLOB="e00000000000000015010000faffffff2dd48066f7ae7751ff31ba8e1c4e81bd23e5602daad95f5ef78a6808153a522fd8528ec1464faf3ba7b7b0f9e09be5b1e1882468c2ac58d9bc34936be3e797935726be9333709402d34dc338d966bc861199982f3fd874a8dbf86e917f9838a30386f3821eb18f2980df8a8800df4a08f8086feb90e49875c15a542a484aecccd63cf8b3e55804b1d36c02e92bbb25f02f210f4bf67fae742223a681ed79acc812308e729005f44096f0c8d2396df3bb45a859b3a118c2c8f3a2f6b1fb694859cfc23aa4f60ddc1b320e3d000000000028000000000000000000000008000000bb48aa1125f3f33d455d8458a4614ee18ea8f71178e2000068000000000000000501000053060000b46909940b8bdcd7cddad2ab8d817b16e67f2eeb34533af7574de525975a2dee4f48019eee336463699fb6cbc0302d0f56ec0114ab75da2d3c5fb0a19024f5cbc89f2c7e247c93e97e686c549360791006eb223353000000f8000000000000003a0000000b40147403132293ee4692ceb62a3c7c847454b858a2cd2ead5351575ed8adb14c5634a4748692505fdaea381d978b03e75fa2188bc59253dfa7a34c44537d5a87c2c7293703fb1f215d9dbe6ead227fa2c581f415e2f06bf797a112f78233d2d46bd4ae665d6954149afcf1190d874283de2609cc593cb3917f05463d56ff10e7a2ace756932be0d62efa2c74101ae2fe0c1dcf7ef144e6b17a76727a4d2721ede27771178f6dca6bba57ab47663f64a00c92ae1ed9732ac42e38c23e1609f4b08923acce6051e46c64c957fc720fe56bd6706e444d6060593d832eaeca844b2bf5007d9a6bc37523cac400f0000000000000000a010000000000002cfd5eb8c3a02adf1bd30fcf78949cae650d08815ab0ada820099b499da59f045194dfb7d4a7bf78908a9a730edd5cce92f4fd0700e2129eae88e85904072d85106b4431e7fe52fac9ef64bf1bf20dfc725d26aa05663780b5e77f2ed48500029ebf8130baf5cdfe4622ca5a9b341274ae1b936f7d8b2431a9115c53b3f55daf45a7714d1d0ae882fda6fd04dd32505117450889ce78b92b955ab1e353a5951211b81c0ff83e4522f4bf8f0521b29fbcf79d0cf8e209e9037f4268b8ddab4aab8482291014130b4d5f280757430344a98822ccf98769dcb84c00000000000000600000000000000015010000ffffffffe8676db8bbb9f790c963ab8aabe4b9fd9fd1103d737b5ca3d74ec92ae8bfa159f1e23b343f079dc5cacf5a6408d42b93954cb76197d83d4ea67fd0019f055fcf3fd644024df7eb919f438d37b6f8000070000000000000000d0100000700000010f107446d223967b084a2c2a454b0f930855101a355c39a5453e65b43ff6aaa3e256039c6e356f1b6d8c9caff536a3fbb89132531aec8c388abf73ac3a73fae548cb542ddc9e7c0d5e9fcde5b5db3875869e34196064c3756287f0d008e5ca7"], 0x428}}], 0x2, 0x20000090)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000015c0)={<r4=>r0, 0x2, 0x5, 0xffffffffffffffff}) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000001680)={<r5=>0x0, 0x80, 0x2})
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000001a80)={{r4}, r1, 0x12, @inherit={0x60, &(0x7f0000002d00)=ANY=[@ANYBLOB="01ff000000000000030000000000000001040000000000000004000000000000080000000000000080000000000000006b87000000000000ffff000000040000000b0000000000000400000000010000000000000004000000000000009d2bc778"]}, @devid=r5})
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08005f00002800000000000690780a010102ac1414aa00004e22d7332e74d687997c22bd7abfbb133672faccc15363482d560c0e20855952d7eb259ad3bc7730321a29f02a8c020434bf3152df1997bde7991566d43ed618d8f5522b24dfb0756156b9ee069942cf893e1efae7faabbf26347d96eb4e512b71022636fe30ec9bd522ba72587c5a24d22658c8b855b7a2ae2b31b583fa12e224b07dfe0f64745633860ad8cdf235a4b5a750e1b5e20992f6dba24d9144060e903d5140ce", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000001580)={0x1, 'veth1_to_team\x00'})
shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffd000/0x2000)=nil)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000240)={[0x80000001]}, 0x8, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x400080}, 0xc)

[  486.119562][T14195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  486.158870][ T3603] Bluetooth: hci1: command 0x041b tx timeout
01:35:57 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  486.256524][T14195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)={@broadcast, @local, 0x0, 0x2, [@multicast1, @private=0xa010100]}, 0x18)
r2 = signalfd4(r0, &(0x7f0000000000)={[0x10001]}, 0x8, 0x80000)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000040)=0xffffffe1, 0x4)
syz_emit_ethernet(0xb9, &(0x7f0000000100)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x22, 0x4, 0x0, 0x3, 0xab, 0x66, 0x0, 0x0, 0x84, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @timestamp_addr={0x44, 0x24, 0x72, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@local}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x200}]}, @generic={0x83, 0xc, "41aae6ad6c24d15f6486"}, @ssrr={0x89, 0xf, 0xb, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1f, 0xce, [@empty, @multicast1, @multicast1, @rand_addr=0x64010102, @empty, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xf, 0xb3, [@multicast2, @dev={0xac, 0x14, 0x14, 0x14}, @empty]}, @end]}}, "7c8f75d30b1541b89f0931432cee06d1625cb3387370985ff937348eb393425bd5ed8b"}}}}, 0x0)

[  486.398619][T14209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)={@broadcast, @local, 0x0, 0x2, [@multicast1, @private=0xa010100]}, 0x18)
r2 = signalfd4(r0, &(0x7f0000000000)={[0x10001]}, 0x8, 0x80000)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000040)=0xffffffe1, 0x4) (async)
syz_emit_ethernet(0xb9, &(0x7f0000000100)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x22, 0x4, 0x0, 0x3, 0xab, 0x66, 0x0, 0x0, 0x84, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @timestamp_addr={0x44, 0x24, 0x72, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@local}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x200}]}, @generic={0x83, 0xc, "41aae6ad6c24d15f6486"}, @ssrr={0x89, 0xf, 0xb, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1f, 0xce, [@empty, @multicast1, @multicast1, @rand_addr=0x64010102, @empty, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xf, 0xb3, [@multicast2, @dev={0xac, 0x14, 0x14, 0x14}, @empty]}, @end]}}, "7c8f75d30b1541b89f0931432cee06d1625cb3387370985ff937348eb393425bd5ed8b"}}}}, 0x0)

01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)={@broadcast, @local, 0x0, 0x2, [@multicast1, @private=0xa010100]}, 0x18)
r2 = signalfd4(r0, &(0x7f0000000000)={[0x10001]}, 0x8, 0x80000)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000040)=0xffffffe1, 0x4)
syz_emit_ethernet(0xb9, &(0x7f0000000100)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x22, 0x4, 0x0, 0x3, 0xab, 0x66, 0x0, 0x0, 0x84, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @timestamp_addr={0x44, 0x24, 0x72, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@local}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x200}]}, @generic={0x83, 0xc, "41aae6ad6c24d15f6486"}, @ssrr={0x89, 0xf, 0xb, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1f, 0xce, [@empty, @multicast1, @multicast1, @rand_addr=0x64010102, @empty, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xf, 0xb3, [@multicast2, @dev={0xac, 0x14, 0x14, 0x14}, @empty]}, @end]}}, "7c8f75d30b1541b89f0931432cee06d1625cb3387370985ff937348eb393425bd5ed8b"}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) (async)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)={@broadcast, @local, 0x0, 0x2, [@multicast1, @private=0xa010100]}, 0x18) (async)
signalfd4(r0, &(0x7f0000000000)={[0x10001]}, 0x8, 0x80000) (async)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000040)=0xffffffe1, 0x4) (async)
syz_emit_ethernet(0xb9, &(0x7f0000000100)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x22, 0x4, 0x0, 0x3, 0xab, 0x66, 0x0, 0x0, 0x84, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @timestamp_addr={0x44, 0x24, 0x72, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@local}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x200}]}, @generic={0x83, 0xc, "41aae6ad6c24d15f6486"}, @ssrr={0x89, 0xf, 0xb, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1f, 0xce, [@empty, @multicast1, @multicast1, @rand_addr=0x64010102, @empty, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0xf, 0xb3, [@multicast2, @dev={0xac, 0x14, 0x14, 0x14}, @empty]}, @end]}}, "7c8f75d30b1541b89f0931432cee06d1625cb3387370985ff937348eb393425bd5ed8b"}}}}, 0x0) (async)

01:35:57 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:57 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
setsockopt(r0, 0x2, 0x7, &(0x7f0000000040)="b89c289bdcaa4001279aef21a568d95f8f39b10ce1b3fbc37660954a2ef3086e873758a1a0749b54a7cef47101825a5e432774e1d14ce311f5df4b8c2155243ab54d20cbeb117c1fcaaff7c4aa54830106ba6d9e9a52b042f9ed559995c70c6335bea292bc18c501f63e75d362c63c05da935d98461c3b07172cfca5bbed11f01c8baeffbdbee5e3460c4d14eb", 0x8d)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028f8c3f30000d79ecabdebbd95f06641c50690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)

01:35:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x32)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:35:57 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:57 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  486.919019][T14227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  486.995865][T14229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
setsockopt(r0, 0x2, 0x7, &(0x7f0000000040)="b89c289bdcaa4001279aef21a568d95f8f39b10ce1b3fbc37660954a2ef3086e873758a1a0749b54a7cef47101825a5e432774e1d14ce311f5df4b8c2155243ab54d20cbeb117c1fcaaff7c4aa54830106ba6d9e9a52b042f9ed559995c70c6335bea292bc18c501f63e75d362c63c05da935d98461c3b07172cfca5bbed11f01c8baeffbdbee5e3460c4d14eb", 0x8d)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028f8c3f30000d79ecabdebbd95f06641c50690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)

01:35:58 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  487.123858][T14229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
setsockopt(r0, 0x2, 0x7, &(0x7f0000000040)="b89c289bdcaa4001279aef21a568d95f8f39b10ce1b3fbc37660954a2ef3086e873758a1a0749b54a7cef47101825a5e432774e1d14ce311f5df4b8c2155243ab54d20cbeb117c1fcaaff7c4aa54830106ba6d9e9a52b042f9ed559995c70c6335bea292bc18c501f63e75d362c63c05da935d98461c3b07172cfca5bbed11f01c8baeffbdbee5e3460c4d14eb", 0x8d) (async)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028f8c3f30000d79ecabdebbd95f06641c50690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)

01:35:58 executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
listen(r0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000080)={'syz1', "e1e017eca7a846dc71b3ddc5a5be3a2878244cd93042dc38d1e65ea868fe89e2fed0192e6dc9eddbf77828057ffaf5240300aae6775b4225242590cf5dc3ca6256e5b184c8ee9c54703cb4018f4edc54b94733b70777be587c9d34ff825309b606e622f2b8f1ed223f2bed856b1952198cbf400140f13c0dedcded1d7a5deb10696067ec50d9751fff85c77cdaf43e1210e1e7bea941f8c7f4b7f738b50a8800b9be33cd59e56a2a0ab5a571"}, 0xb0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  487.360467][T14248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:58 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:58 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
listen(r0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000080)={'syz1', "e1e017eca7a846dc71b3ddc5a5be3a2878244cd93042dc38d1e65ea868fe89e2fed0192e6dc9eddbf77828057ffaf5240300aae6775b4225242590cf5dc3ca6256e5b184c8ee9c54703cb4018f4edc54b94733b70777be587c9d34ff825309b606e622f2b8f1ed223f2bed856b1952198cbf400140f13c0dedcded1d7a5deb10696067ec50d9751fff85c77cdaf43e1210e1e7bea941f8c7f4b7f738b50a8800b9be33cd59e56a2a0ab5a571"}, 0xb0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
socket$unix(0x1, 0x1, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) (async)
listen(r0, 0x0) (async)
write$binfmt_misc(r0, &(0x7f0000000080)={'syz1', "e1e017eca7a846dc71b3ddc5a5be3a2878244cd93042dc38d1e65ea868fe89e2fed0192e6dc9eddbf77828057ffaf5240300aae6775b4225242590cf5dc3ca6256e5b184c8ee9c54703cb4018f4edc54b94733b70777be587c9d34ff825309b606e622f2b8f1ed223f2bed856b1952198cbf400140f13c0dedcded1d7a5deb10696067ec50d9751fff85c77cdaf43e1210e1e7bea941f8c7f4b7f738b50a8800b9be33cd59e56a2a0ab5a571"}, 0xb0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

01:35:58 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:58 executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
listen(r0, 0x0) (async)
write$binfmt_misc(r0, &(0x7f0000000080)={'syz1', "e1e017eca7a846dc71b3ddc5a5be3a2878244cd93042dc38d1e65ea868fe89e2fed0192e6dc9eddbf77828057ffaf5240300aae6775b4225242590cf5dc3ca6256e5b184c8ee9c54703cb4018f4edc54b94733b70777be587c9d34ff825309b606e622f2b8f1ed223f2bed856b1952198cbf400140f13c0dedcded1d7a5deb10696067ec50d9751fff85c77cdaf43e1210e1e7bea941f8c7f4b7f738b50a8800b9be33cd59e56a2a0ab5a571"}, 0xb0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  487.857344][T14261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:58 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:58 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6f900ef057641a2233d94f5e080c8e9a625226087fbe62e8be6bc055b836c16bf4493017d19ca09d173fa3b367055ca6627bb35c1d2a52e6f7e8eb282f4987a88c69b64dd030e095ddf6b11d255aa506b97583271f6719db400885fb2f5a6ac241998067486f71b7a5367ff476e011d40d723242ab0080404edb74d802018c658a1890224443c1b7ea83db966f"], 0x0)

01:35:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6f900ef057641a2233d94f5e080c8e9a625226087fbe62e8be6bc055b836c16bf4493017d19ca09d173fa3b367055ca6627bb35c1d2a52e6f7e8eb282f4987a88c69b64dd030e095ddf6b11d255aa506b97583271f6719db400885fb2f5a6ac241998067486f71b7a5367ff476e011d40d723242ab0080404edb74d802018c658a1890224443c1b7ea83db966f"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6f900ef057641a2233d94f5e080c8e9a625226087fbe62e8be6bc055b836c16bf4493017d19ca09d173fa3b367055ca6627bb35c1d2a52e6f7e8eb282f4987a88c69b64dd030e095ddf6b11d255aa506b97583271f6719db400885fb2f5a6ac241998067486f71b7a5367ff476e011d40d723242ab0080404edb74d802018c658a1890224443c1b7ea83db966f"], 0x0) (async)

01:35:59 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:59 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  488.240414][ T3684] Bluetooth: hci1: command 0x040f tx timeout
[  488.313368][T14281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:35:59 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6f900ef057641a2233d94f5e080c8e9a625226087fbe62e8be6bc055b836c16bf4493017d19ca09d173fa3b367055ca6627bb35c1d2a52e6f7e8eb282f4987a88c69b64dd030e095ddf6b11d255aa506b97583271f6719db400885fb2f5a6ac241998067486f71b7a5367ff476e011d40d723242ab0080404edb74d802018c658a1890224443c1b7ea83db966f"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6f900ef057641a2233d94f5e080c8e9a625226087fbe62e8be6bc055b836c16bf4493017d19ca09d173fa3b367055ca6627bb35c1d2a52e6f7e8eb282f4987a88c69b64dd030e095ddf6b11d255aa506b97583271f6719db400885fb2f5a6ac241998067486f71b7a5367ff476e011d40d723242ab0080404edb74d802018c658a1890224443c1b7ea83db966f"], 0x0) (async)

01:35:59 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:59 executing program 4:
syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:35:59 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10)
listen(r0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
sendmmsg(r2, &(0x7f0000002300)=[{{&(0x7f00000000c0)=@generic={0x22, "cb0f4503fb8699bae3448957742b8bc5d8de980100e01d6783f9afd9af746347d463a1d22f0ba902980b22679ab893ab18f88dc42ef666bfcfbd1ee2dc898a8f84fbc131192442cca7c25ca950a5b7562bc68b65e27d5e540c1dac5ae392417ca6546bea176ecfddf7fec24e1792552570f1e6f3e1b7f2d2c4d108c48b8d"}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)="cc5ce0626314fe654ab349e0cab2ae9f0edc7c2a7a16eb8805da6fcbd106484132f1648b047c199ef401bfb7a166fb280ce9d1479a404e7bb8bc4e031238603c1d69db697e50b697fc70dcc1ec00267d95ad5d9d7355", 0x56}, {&(0x7f00000001c0)="cf11678bdacdc4111ba8512fde8d3d2ffda6c4f9450bc9c25bc07877328bc56da5dcdcad2cd8a67257751096af87d69ca49004905538e8d83894bbaced8f9a315d405db6a0c1b765bbdbf64d95730771e9780364bb825e50ebaaa801389549ad0071054e14683b79e3fc21d82fb19c832e0b1aead2b0acfa52dba36d5f20e333ea92c8bfd9", 0x85}, {&(0x7f0000000280)="08bc89af12741cf7896105ae603f190f84247166dc2d15b41a5d0ba6687cf92c371f2d1febbbde8ee98f40e2fe70724cb0a0f762da5f6d687b781af2bb1d25a79f2ffcabe6e707221f9ae399fec466ff1a98a69e35359a17fc253b80a89eef81bc79c963fb10989b3e7ec1dac0d76621480709bdba3eea0161b4aef48fa8cf3a", 0x80}, {&(0x7f0000000300)="b7f4bea56925201e762aa0ec7ccd215bf3b721b55b5b2ac854", 0x19}, {&(0x7f00000003c0)="3c7a653799a46db6cef384c284696254f990bf60eb6684aab2fe9ceeb03387b5d2850cfdc88ed9da512a7dd1a1f582711859a7dca768a8030e98838f10fb97f23ab6894fa569927de64ce19f1c1a71fcfe9c84e01c10a35451ff49a0e5f917b3a781eb9687b1e977585f7658a19e7282786125230da9c14ecc6ceca9d9110212491b2d270971fe94af6cae09239ef54027229ddefcdc099ebb17741ec5ddc0a28b70f36c9e253709be0e33cf45b947830725fe8308c89241eab4601689ed6aaf7e6ee9769d9cf784b2aa514aab718f92d139ae4c8e3404d42429e10eac49", 0xde}, {&(0x7f00000004c0)="01aa6b1dbc20889e4b427f60a32eb6acb6b5b530a37dc380d9f1f124be6bd2dde15825d70c5616b61a13cc2f509413c70ec2ff78e71f25731df696fbe5a580bed5f93db0a1fe811b8ebf89efd6b01c622f228053df025fa9639109ab6fba938dc0aad7bb35a5d701b55c7cd41bc5594efb2e0081302fff22c3288ecbf4c1e35473ac1b8fa3e73ff9e103d9f51de1efec3c3c9883164c1ad598bc2df86255d73e545773b981b03237447051655c6f53fef4c32f609fbaac952172fc1d8cda6f242344", 0xc2}], 0x6, &(0x7f0000000640)=[{0x78, 0x108, 0x7f, "1460ccbf086af451d6f2a9c632c88bc4aead957de48acb4bba0f77c9077a34a2df4f52cbb2ac9e0fb5f7b2276bbbcaf066cd37491392bdb369c30d1dbc625463f90d467d2a88041765353a7ec8d656dbb3609b17aa9fe21abc8af0e9256bec7687f65b0da76d12"}, {0xe8, 0x10f, 0x8, "25fb8880bb64f1ded056d24bc6c8c5deb7f8ef8cffe2d03cb41897a6eba79c48da7411846b85c98107334b5b3660af1c9d8fddea01332b7db1e8dbf901d4b332c8a4eee7fef2a686acf82e49ba7413d39781144e993d96d0b30d7dd2b474f93a05265cf19e4452695e227bd36e31e531ffdb6184becabbd3804cfc4faa0a87436899f21ca1f876c08e178f88d80ba8036187b103ca8c16661657072a323cdffd9b12b53661c96aa977911b49aa29b1e8bc5757cbb0f7b7f594207adb509561cae9c1516061194d19d996a86892de67cf63aa40e7ceaa31"}, {0x1010, 0x88, 0x1, "327d86e89637e6abef8101d0fb545fbb292e589454433146785b98a3dad6ed259353915a17632601050460104f7d8d665aff5ca4e445008b196d770ec87231fb7418772a4b254f9c57464e52a25d51797df1d4054576bba6c69f1e3918b9d5f3aae5f3a11b46f8ad017ceec11096b3aaafc3145a1be83d81919daf078f6e5184397f956927fc1fbf8abd9a35e497798de428bc9b01d55b15cedc0f612fdbbdec34813885732738a89c11569da53887c499c9f13f6421058c83d872dd4bb8c393046ef0fdac8fef5c3439f6166e797780b25ed00bf98697a2d9e6f387ff8125a13d078903f567095af090cdd94459912a887cfdf5838b49366570178cb622dedd1223cdb494dc8fc1a52b8ab3afe6a89c573be77a396d298f72214a8d94aa02f5380db924df0e52a90f7fd6cc46ba263ff045ff306acd5bd92970bf2a01b54bc4af6d921a574e090ea9d5cfcc71c18077789ea07c41b05a8a1b1f1da42d55bded902790b61f0101ac90eb0a0ab09fb030015153067d71da6d7b4192bd02e7bcae322f7f794cfab99354dc6477cd6e264973c57f783964b0385630a941d12d71ed9e6994416583dd8f60291370104b794dca1e826cb1f1d8208395132a51d8012cb380c7e4e6ebcefdbacc93e7f11f5044a852072e937c43fcd907ed6b10a97e9edda4fc145e63e4ba1ead55246d30800103c1c554bec8e855573f3bd86188c12b1da51df66c431a60c5ee482334ba83658e16ee59cafbf3e7c9d05ec693ad82ba528e9cb1e5e3e4bbaabbcc733e7c66594c03beb0dcd4a27224ebd06c2e10a3e79150a7187d83a6f28192029e92d019f504973c3d4b287dabdc681da2144159b2f4ff8637b3275c490c1cef18f88c10e71ce8bbe4f951477908288fe5e19dc5448392ac6b6aa473df71db52e13b904d17ad8fd363bf4c86d300cbeb2ceafe6a9a61ebf0ca9d8900077ea5824b9e23a6eedf736fd9b82029a32e7e632b29e53f2433bebf9eb2a99fd99c725723c10482b0f0c7dbe3cc236c5f9b69d3235542a389c43dbc2f2ab33ccdba733cd203893663c7993ffdeab978b3962d0e84002a1db5823c47397bf6708467addde111e84c5af40ee5821871cf9d3938cb94dbf84d88d47f139ae9ba572820c0e6cc3f0b2e3518229a95377d85bea19d42cbf4641ea460d607b318e52f9303f2c414c5c03b2c648f462aa4c7b90b62991eb9c071ae2b19d24cd119dbea23d7661bcd89bcddb1eddc7ac0a4ddb6ce6a56a984c3fa8248f5d50d9af34cfb57f8def5d59f07ddb68a82c21638c67d9d4f310653978654fd843fa92bb1c85a2fa9d0975cee6a76e3380267317bf7131c279c49b0a05c11361670298fdbb9cdb98f398913cbda15407686c43d0f8c161a1a2f2f590b7eb2b5e06f4027dd86b6c13cffe1a1917b8c174f44b6f693dbeb93fe64b50eff7577d5cd5cdba480c849d9dca99e1ecf7a78e8d404a8f82b5417f41a7ad82eb91215ffdbbcf2cb6ee66f8a69cd20bcb42b3df6dbdbaea7172cb7302f0d2bf776bea90cd91436f8f91c37a36bf7c2affc75652165262ac67c013a86d33eca259c86eb58d28186b26ebe287ff9abbc537344d63d41072b16cc0dc2b3f3352daf7b0c76303f8a8d5fa48998618936c9e8012a54ce4cb385e96f96be1f42c84a24e643ee6f07319a4099deb8ff2f51cf9824b07c5995c07df5532f733797c773ac9d481d6ae2bf3a1a59d7401f3817b4423db1432d1fd15523e02332d5e21e1e6ab1901e98d222f12ee1836c88f66c106ae958956044b4d2ff746359b78c282ccca0fb16ee033f0f548094e36a3880af5332a56456493c3693c5aa6b775840d5c8040e9eaba694a25ba2ca2db366719d99333cc205c7b69fbfefda460af43df175ff57b50134980bd85a53fa72a46bdf2f80ad2171a5181221b272cfced17a7bc3da1a2ae75ead5fa6bded85a133b01fdb0ee9e0e067b7049e243d5b62b8c440974bc1cdabbd55a215d12435e374da016dbaa9418f52d920c4dd29473affcb02be4c1fceb4a454679ece9f29c11107dd0fe4217052fe4d5c3e0752ea1a984e0a900ad2db952be19296d03e524b9eb395fd687bfa0b465c80dff810a5ab75e29c783dbffa39032c6c4870db7b2bb4d8f4bd718e46a81a95382af45e20bbbafdc0a7f13e561aa0eddf84c8ce92038724841b3616de4ef16a718a4b93b00a06823150b043dc7ac673cb124c9364fbb1e254a0a2194e14316ad1b2e8b9e548e296cba818e5f1a37408dd7c46a59b830ad5de83f18b6f0546ea8f9eb446e6f8d65979dfa4f782eecd81bd93e9fb4cac786f994a3d5202ffec06a68bfbd4e2a01b0bdfd9ed23e9bc9c5a83728493c7c52fd881f4c389b7a8876bfcb941885464f09fd1782b63b61ba489d219e114cdb331c17aff33b24134dacf1ae49f0825fd00db2d7a96d07a42d484ffcafd30d2e3c654a27ed5e1101d9d57f85ea493f14680cc621009dfab3995d4bc246890712ee23fca9da2918e46ed8915dbdf2efabdf4fffddb0160fd4edab5d5d108ac5d500d8a96e5586d98ebdb1de333b33c062acafbd022645481c10d2b85cb628cb3e822bbc56e02f471fc4b1b96ab357f68471acf4d0530c1b121372398b2365441dbb5f301b501ad453658470851e0a05d28ab36a17f7f07797244553e0f3297b01f7985adab85094ecb2b0314823d5573a4ec4d379d59dcfda8938f62485529884812b9a51215b028b0723c1a724dca9ebb02214e804c798aeb409244570d3cfbf9d0d0cf51254dd45c33b6ab858bb0e39e2dac8555195e9a9fe13a76d7d225aa59ae20b73b6377b1e2fad923240859928ba806ecee3fa28ccd72406cc982d976662082391cba4b6efe13b599994dafca70fae4fd17bc7046339a5427e47a08f00cc4d20ee2fd71b3fc9b37f4dd24f3c7f59e181aa0b83303c4cd6db3b3710687a5dd5ff8399e5e5fc81e8d0a7ddb073729cabe33022efc2d7428b7640687b0aa1d1f0f8dbe947769ccb66f4d8d11570ffcd8769bf2f358c7e52437cbd02072a3e54d2f51d8965e566addb6e08aa2e2a2b7a1aad65def6183153ef6156015a250248741edd9b6a7f02f1265424a023a716bdedd61bdf807549db850b96018e94ea891e1a4400bbb7ed1d6cf30f89df334d1524ab07449a73ca2ddf0499480d75d5b0dc7f7c2a71b5e86a688c671acb4c5c6648df9a45f4c334d3c7d4ba8b7cf1ec2642afab077f74b13386efaae52d73e6705f1fa658070661388e6ce7aae1a62fb3275e331cafda42102b539c6eda005f1e8f14ca5b277b388819b01f10df7d68d4a4196ef81c851a11bc5cb5847634c07713f6f01184a98f49cdab2720d4d361a68955bd694bc431afd3e934335826e9e1c1cea8e1f92c544828c40563a6fa81d866e5bf3608b43a202076b7f0d279d6de01d52b52c171f64966281421656cbc5726619d852605dcf30d5a24bdf7ee96bf4d4461e9b68c92753ab17799e4416275edf93636a3d3dace4c0a299007511f9df32612348852ec32614df62904e12ad57fff6357d987367a5f17387e9f47c4aa94464509ea5c3f11608d01b9a34fcd8800aa00e5588fda58a56ef9973568b21e3b3aa462902e28ba57cc507ea4dd10f38d5431fb355cc9ac9336b5a2b92b990a8b7cafd90649d865c798d0bec97f9b3119f2db01c6359ae61a4bf094ba0827f94362fd6910d95c3e1888f4e31bec96c8aab5c2a4d8748aba93574ff22d8be31fe66ad1846daefdd6f25220e4c268f32702bfee7ffd38e617b776a644901654635a00e1327634f1110b6bbdc8595cc7acdd857f0148bdf3df2a0e05d4a4e7f9683a56947d57fd5868795dc29fb8a9b087a8193db9605357f97a03929d0ae40ee9ef9d286bb322361e4b091c30ca45a5e29300bf7819fef0b79079f81453305b4582d5de69701adb25dbb5189293a18048b971e1bf88fd5d6565952d3560ca0dbb6e1c79815a925b6f643b70782c1ff1c0388f3b602a8d3b95bd67563fa1f1e235ae8498dc7eff7a98b13c7ec3288edc6579f7a7218eeeb430e22eb39bfb25e5e410a448dfd50b1962bad4c77d96962e6a98ee7a6cddc21ce32db36e1267025cf5e8410dc9ab39ad19278b0231a84d4f0a6e2987716ebfcf293a8eb0fae51177724bdd0b15eb35b10fd7d69785b208faf87cc9090dc78056bd6dc0f0340d19d3eba3dda6f3aac807c18a413eeaa8168e72cdf7cfd04189ad3c51ad812ac6a29b7256410b36d5c49b80cd7f7739878cbc65df9ed3212ffd526694f2f9feaa9123a7c7be6380ea103856efb49b6d710f8771a7106af47f5d0de88ff06310812a60dd8d2b5b984c1b728816ed2f1176c34ffbb494532d653550a7798dcb87d93bade4f64ab3c3b306bface3a3805b10dcc7523501ec7253b569d9afe9ab1e0afd3970bbcef1818dce0014cdf3e866ebc8ade68e2189915faf63bec1b46bfce648a459954d510a8b068c64bf7e2212ff77f5ea4a2a3c331664d6404fdd3dbb5d3157ca871df29dbb372586c20b4d8a7a8052816526ded15b861bdb4bc87b418de9f23e6b7a2229d713be6f4662a40c1093e27e9166727f783582ab18da436c668b2674ed9f7c2d8f3f609f8e72924393b9c99e2244c1086fcbdc52f763c4175fdbf01676c0d14966210e5dd242cb434b723df13d36cfac3eedff5264e59940457a67c1d83b9db2f1c7b5873652902bba31b208e6bad4cbeba404ec9bb97a3a0575bd3f98dcf0064fab539ba085be85cd8f2e40f5a5b2ddb2b3be5016dbc7e39b6c125a38036b5c8d3edb459ec88c3ecf9b35e2e29d7e7a8edb2375b9eb294930f9740c02f7b2e423bb1ec7ea423c880cd818ecd8d0ad8b87c69c49dc15bdd404e1bd946ee306ab22910d877cce90664a39a6c1b23e3f818c7f7817a575a738a060647335bdf6b3dc64e8d6a0134601d7ac549b2cd5d6fffbe406ec22b4751b1e7d99dabf9f301da9254eaa361b0beba9a59594ae7510daed4e589b2e4f7d87650b2c157b3d5aac3e20cba4298ee986104ad47cdf7fce98c9bcee7c1ec276c86d1f5dd1ded43a6a6446af7993a3c04166d3fd25b9980bdf3c9ef40724b78d56ce55b41859f1e1ba808724d26c02e301c6c1eb9cce6c0e2003a211e89e9a846916e126e60f5936acfdeb1aae14b23948e312edc97aa307eaa99b176b45f1e90d692068b30e4e35ca95f1634a52d90ca01c80e528a05615181984628855b5ca05c3babd0f279c94508247637ffd5c70ceb0dc43e2a64b556a509c7aad7117ecab5373aa5280b3cfbd4f8c94360b8dec93014e46e294cf4f46634023ba8b1c002c5a8c05e9d88de062068858c66a54c774931457e404fbd256828f758e8773d6592d01602ca2a102dc1212c52aa66bc9f807c79c913c5a0ea63259fc177c94c0777012893fe701a9a5bc882c24dec2de976c4f8def484143b29fe6e1c843e70036cc8d58dac535c59b1e9d2e8289c6fb110097e3d65d1afa51766cda2c36302a42edb6e8626dafa5744111fff43b59edcfdb54e2542ccf05658aed4d8f83ae028eb35ad4c5f5085609a25f124dcdd62da34f2b395f7de30a216eaaedfef3dd131215c9b07e05a06c64c37d20031e043b8784f20ba2b4da7a471440978a5bc5400c3ad3267bf611a7e2993be209760d56ac3699669cf00f3e4e9873024e2134d71d8c755a59ea47a3730172081dfcb7941cf46368eeca7609782892d224dc1828dc5640b8b6c70ba704e79016e24d27da2082c3c3225ae2328f4b8a2a7a905da46a587c3ad24f230deb1b2b209"}], 0x1170}}, {{&(0x7f00000017c0)=@pptp={0x18, 0x2, {0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000001840)="d8e786efcd7de9127e34fc2b9ec6222075fd610b2d977385cc1f74e602c3cbd6f13b7c728723200f3ab2fc64a9db233b7d23c387f312f8e0eb6b2124aef2926b138572969bc3a66e13353ef6962b0809e5e00e79298a66646f54b3cfbf8f33383416f9d9aa8937d5a01e6eed9d401667eda13c07006d555bead926d5278bbe80b0beb8768322eeebc4c851e231f189c912f0dfc418db0a7280b5f0acfdc9f5c74db25c9c", 0xa4}], 0x1}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001900)="4e39e61ae0aa00f6fccf763fa6dc3b6cd67d7a162807b5ed69bbf9c12cf814ce6e9a8aa335f022c660791624d980a29c33da43d2653d61a9f721bdfc025f87ce0a5b89f5edf919e79712b3ed5aba83adef13429be8643f620082df289ce93a0c870f15cda2f3950cef18c5d6d189bb9a8ffbb5c9ed4a852a232c59e91eeb89bff5627c8cde9b9126df9826e498d987ba7366d16f22ac98bd1f5075d545cd195498e9a6d087ef27c09c9509df2aac8439abbf6bb9b55c4239bf63fc728e00df05c4d93ecd990ae3bb103f772bfb38a2c29cc90bc63c42e8f881181f6d98", 0xdd}, {&(0x7f0000001a00)="248a75b1004ca015102557fae726a4f03d18df3de91a97507aea09ffe650e390259eb05feda57e557386f2deab1323a3ffabd4eefb3ab1c64333a177708620f4e5259d354276ae5a5fadc57166e94c14911bccf263970aa1f0f43736bb39560d609c70aca1653146937e51e2de16adf8a7d1b12e9492745017ae3334cd2634c47c3549d08790c4d7e58aaf02755e6cc7d2eb1aa13a12ad055b681933fba3065ea3bb38e7ee9b6dae1fdccf009223c5cf647c2629b1", 0xb5}, {&(0x7f0000001ac0)="d8914a30a74303f23cb0b1add07e8cb217bb86bac2db0af724e74b4ba86e76178e197e1c5d5fa8afd772e18b2eb2be4e6756d7813fae75c50787a414bed586564234608766ae34076b78ec47445f066feb931000580432ad64161ce0c486be37b0d4cbc50e1d659a866821e823ca28", 0x6f}], 0x3, &(0x7f0000001b80)=[{0x100, 0x117, 0x5, "93039f58fffcbdc77fc98210413fc13cdb9c76b8c7b189fd614aadf51b70e41de6012e25de819cb1352f3a2f4683a496045376cfb9cbfeaab6712a020a2a9238fa54c2cd8a923a273451f3fb328eec91d9948971208deed91109920b42f74c72d73d7e2d93de4cdbfa8a2cdb615c8f50915dd90e7f718cf2b49e403938e68d9d25504565cfdcd8d1601af2d02bee721322cab863818b7fa5eb2af0f3057e4b9a1110e18c34f6e423a4fde892073ab5ed3e3e7b652f53f04fa519fa37ab8c3bced6b3dde17ac040f56dc86d6a28841483b050fb66ef6919f860ee68a86d3de70ef3dc1d25bf616856cd"}], 0x100}}, {{&(0x7f0000001c80)=@vsock, 0x80, &(0x7f0000002040)=[{&(0x7f0000001d00)="b3f6719256115af221d6456604e8757677df6e4e40c78c8d826bf377beaf977728b900228c1ed94d05fe7ec394f7d1e71e220deb00d17f9022e46986163f4a357c83d7da1f774825c18eb09ca3f0bac3cbe5fa99014fa0bb897fdd79a935537c71e53b57f5f3a7067ce7cb8b5bcca4c2055e6031fd7731df2d8fe98698dddb584fb2c5479fbdf62e4ef2e79cfeca02b6a7472c0aaba0d6a8932f035696d8e420beb6e80d1399a2dd1d06a6971bd011b5c04ccc20ef6d294f4ed2", 0xba}, {&(0x7f0000001dc0)="c617e3f85a8211c4ba7e22dbf000ec43d6cd4987ebf3ab779ef3e4732a6a4461fcbd4ac1d3183398d1e64eadc5557cbfd4f83a99c03b64e0a4581feab78d7f8e34e1461c2b32d8697db2e25690124504d5744bd611561a422d833b7e4f8904b46b3f4cf7b78de314484f31a241407ace01e4f7fe8e673529f796c6944a5d8533808be2e87726409864e89c70e66a28bdc71315fb8aa03c74a6df690ee558d9ad1df50b313a20fd4c510472a41d827cd1a8321144f0afbd683632694358844244227e2ebf67a90d2619e815fd139018ac765f770a85e1ff77e6409bc552455d6cb89500615eb956", 0xe7}, {&(0x7f0000001ec0)="69e08e83c523206a1e48f308dc0945288e6ef79b2f083b5e008ed2555f2b316475c12610a9037aa563bff3e4aeec26170d726d4edafac2485a3b3c8933e5b0848182997bafa931d9961b22ed0b03c3c05861d0900ee0416077df84ea2c57e622a3b9fcc76f0cc22bc56ac1291a6b71b768d094ce8eab3329649b7b2b5052eeb9bf0a540366e52f2c7f41657ffb4e3ccc63b552913ce0be6afdf05f7dcfdd97357ed488267baaf3e2f438b6e97f0a2f6fd04040d3b1838a81c70c6d1cf64dce990140544b5cc122936dea", 0xca}, {&(0x7f0000001fc0)="c5d9df87dd9895412c69205aca44133cdc42833867c11c193915099c50cc52a9dfa6a90af9679aa757f6acdcfae15f0176bf0c022976eee94e267b60e65bf8bba6ad7153e8be072cfb779ddc04834bfdcfb14ca5763a82f6fcadfd635eee0353d6", 0x61}], 0x4, &(0x7f0000002080)=[{0x80, 0x118, 0xbb6, "e25565ff5a0a4ca4fc79efa2684735d3bc5818b085ef11878d52984d042f01a5a5a1dd5f0767abdef2f620c4aca5d99980357176e4d2af3524a6241fecd2edd4e9939258d1811264797cb0508e27a3ee46d22de974986563a379ed525a9817cd348b7a290acf5110d8f803be"}, {0x18, 0x1, 0x4, "b5b08c39fe206a8e"}, {0x98, 0x0, 0x9, "f8d558d962885f24d10a1751c95800c8006e8b2478849eaa150a81c91d12644311601ee932793c3473081882c5464f99c5f7f114760dea0dc8421af1648f586e6b0ca7679b1ed4a856291ae7824f9c074431ad9b0659450cab1f16706b3bd8d52e89e1cdb441b334011a8ffefb7cc7187adbbcca08fc2a6cbf720ea595c2591ee655dd7af783"}, {0x18, 0x10c, 0x6, "39fdda4e5b"}, {0x28, 0x84, 0x8, "32f2ac9a8b55e03946cd3410d4fa376fe73c"}, {0x108, 0x10a, 0x2, "97878ed629da876518049bbf14ebf60600a6ab7cd4add3b8ecd9c10d5373c754c6652342973c39950f40659bdb8d8ded4aba18af937050d888a9571b4497da6f1cfdd11478db51a4bf4985fac4b425e35a2fe1320baf5c70d404b2da4dde90156b54303e2ff47fb0f0a474d2db7779bfd45b59f222ad0f517d660256d369f1dda0a940f1437cb930a8fdf6171a7c98835bc51513e2f032181484926ba34158696f32de10bf9bb21c4d24681f1eeb32fcae06ad6841f5885325e0f01df5b73a82511a14b6dc22172b891cb1dcd116c96c753f3c1a50cac350bfdaf9fa7276afa790a72f069d809ae336471764015df10ef8ae60468acf"}], 0x278}}], 0x4, 0x8000)
syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xc, 0x2, 0x0, 0x0, 0x0, {[@eol, @md5sig={0x13, 0x12, "ce79387d5c4e9d553755c88ff52509bd"}, @generic={0x22, 0x9, "06dffeb96a6289"}]}}}}}}}, 0x0)

01:35:59 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000180)={0x0, r0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:35:59 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  488.798026][T14291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  488.822534][T14295] net_ratelimit: 3 callbacks suppressed
[  488.822551][T14295] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:35:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (rerun: 32)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10) (async)
listen(r0, 0x0) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async, rerun: 32)
sendmmsg(r2, &(0x7f0000002300)=[{{&(0x7f00000000c0)=@generic={0x22, "cb0f4503fb8699bae3448957742b8bc5d8de980100e01d6783f9afd9af746347d463a1d22f0ba902980b22679ab893ab18f88dc42ef666bfcfbd1ee2dc898a8f84fbc131192442cca7c25ca950a5b7562bc68b65e27d5e540c1dac5ae392417ca6546bea176ecfddf7fec24e1792552570f1e6f3e1b7f2d2c4d108c48b8d"}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)="cc5ce0626314fe654ab349e0cab2ae9f0edc7c2a7a16eb8805da6fcbd106484132f1648b047c199ef401bfb7a166fb280ce9d1479a404e7bb8bc4e031238603c1d69db697e50b697fc70dcc1ec00267d95ad5d9d7355", 0x56}, {&(0x7f00000001c0)="cf11678bdacdc4111ba8512fde8d3d2ffda6c4f9450bc9c25bc07877328bc56da5dcdcad2cd8a67257751096af87d69ca49004905538e8d83894bbaced8f9a315d405db6a0c1b765bbdbf64d95730771e9780364bb825e50ebaaa801389549ad0071054e14683b79e3fc21d82fb19c832e0b1aead2b0acfa52dba36d5f20e333ea92c8bfd9", 0x85}, {&(0x7f0000000280)="08bc89af12741cf7896105ae603f190f84247166dc2d15b41a5d0ba6687cf92c371f2d1febbbde8ee98f40e2fe70724cb0a0f762da5f6d687b781af2bb1d25a79f2ffcabe6e707221f9ae399fec466ff1a98a69e35359a17fc253b80a89eef81bc79c963fb10989b3e7ec1dac0d76621480709bdba3eea0161b4aef48fa8cf3a", 0x80}, {&(0x7f0000000300)="b7f4bea56925201e762aa0ec7ccd215bf3b721b55b5b2ac854", 0x19}, {&(0x7f00000003c0)="3c7a653799a46db6cef384c284696254f990bf60eb6684aab2fe9ceeb03387b5d2850cfdc88ed9da512a7dd1a1f582711859a7dca768a8030e98838f10fb97f23ab6894fa569927de64ce19f1c1a71fcfe9c84e01c10a35451ff49a0e5f917b3a781eb9687b1e977585f7658a19e7282786125230da9c14ecc6ceca9d9110212491b2d270971fe94af6cae09239ef54027229ddefcdc099ebb17741ec5ddc0a28b70f36c9e253709be0e33cf45b947830725fe8308c89241eab4601689ed6aaf7e6ee9769d9cf784b2aa514aab718f92d139ae4c8e3404d42429e10eac49", 0xde}, {&(0x7f00000004c0)="01aa6b1dbc20889e4b427f60a32eb6acb6b5b530a37dc380d9f1f124be6bd2dde15825d70c5616b61a13cc2f509413c70ec2ff78e71f25731df696fbe5a580bed5f93db0a1fe811b8ebf89efd6b01c622f228053df025fa9639109ab6fba938dc0aad7bb35a5d701b55c7cd41bc5594efb2e0081302fff22c3288ecbf4c1e35473ac1b8fa3e73ff9e103d9f51de1efec3c3c9883164c1ad598bc2df86255d73e545773b981b03237447051655c6f53fef4c32f609fbaac952172fc1d8cda6f242344", 0xc2}], 0x6, &(0x7f0000000640)=[{0x78, 0x108, 0x7f, "1460ccbf086af451d6f2a9c632c88bc4aead957de48acb4bba0f77c9077a34a2df4f52cbb2ac9e0fb5f7b2276bbbcaf066cd37491392bdb369c30d1dbc625463f90d467d2a88041765353a7ec8d656dbb3609b17aa9fe21abc8af0e9256bec7687f65b0da76d12"}, {0xe8, 0x10f, 0x8, "25fb8880bb64f1ded056d24bc6c8c5deb7f8ef8cffe2d03cb41897a6eba79c48da7411846b85c98107334b5b3660af1c9d8fddea01332b7db1e8dbf901d4b332c8a4eee7fef2a686acf82e49ba7413d39781144e993d96d0b30d7dd2b474f93a05265cf19e4452695e227bd36e31e531ffdb6184becabbd3804cfc4faa0a87436899f21ca1f876c08e178f88d80ba8036187b103ca8c16661657072a323cdffd9b12b53661c96aa977911b49aa29b1e8bc5757cbb0f7b7f594207adb509561cae9c1516061194d19d996a86892de67cf63aa40e7ceaa31"}, {0x1010, 0x88, 0x1, "327d86e89637e6abef8101d0fb545fbb292e589454433146785b98a3dad6ed259353915a17632601050460104f7d8d665aff5ca4e445008b196d770ec87231fb7418772a4b254f9c57464e52a25d51797df1d4054576bba6c69f1e3918b9d5f3aae5f3a11b46f8ad017ceec11096b3aaafc3145a1be83d81919daf078f6e5184397f956927fc1fbf8abd9a35e497798de428bc9b01d55b15cedc0f612fdbbdec34813885732738a89c11569da53887c499c9f13f6421058c83d872dd4bb8c393046ef0fdac8fef5c3439f6166e797780b25ed00bf98697a2d9e6f387ff8125a13d078903f567095af090cdd94459912a887cfdf5838b49366570178cb622dedd1223cdb494dc8fc1a52b8ab3afe6a89c573be77a396d298f72214a8d94aa02f5380db924df0e52a90f7fd6cc46ba263ff045ff306acd5bd92970bf2a01b54bc4af6d921a574e090ea9d5cfcc71c18077789ea07c41b05a8a1b1f1da42d55bded902790b61f0101ac90eb0a0ab09fb030015153067d71da6d7b4192bd02e7bcae322f7f794cfab99354dc6477cd6e264973c57f783964b0385630a941d12d71ed9e6994416583dd8f60291370104b794dca1e826cb1f1d8208395132a51d8012cb380c7e4e6ebcefdbacc93e7f11f5044a852072e937c43fcd907ed6b10a97e9edda4fc145e63e4ba1ead55246d30800103c1c554bec8e855573f3bd86188c12b1da51df66c431a60c5ee482334ba83658e16ee59cafbf3e7c9d05ec693ad82ba528e9cb1e5e3e4bbaabbcc733e7c66594c03beb0dcd4a27224ebd06c2e10a3e79150a7187d83a6f28192029e92d019f504973c3d4b287dabdc681da2144159b2f4ff8637b3275c490c1cef18f88c10e71ce8bbe4f951477908288fe5e19dc5448392ac6b6aa473df71db52e13b904d17ad8fd363bf4c86d300cbeb2ceafe6a9a61ebf0ca9d8900077ea5824b9e23a6eedf736fd9b82029a32e7e632b29e53f2433bebf9eb2a99fd99c725723c10482b0f0c7dbe3cc236c5f9b69d3235542a389c43dbc2f2ab33ccdba733cd203893663c7993ffdeab978b3962d0e84002a1db5823c47397bf6708467addde111e84c5af40ee5821871cf9d3938cb94dbf84d88d47f139ae9ba572820c0e6cc3f0b2e3518229a95377d85bea19d42cbf4641ea460d607b318e52f9303f2c414c5c03b2c648f462aa4c7b90b62991eb9c071ae2b19d24cd119dbea23d7661bcd89bcddb1eddc7ac0a4ddb6ce6a56a984c3fa8248f5d50d9af34cfb57f8def5d59f07ddb68a82c21638c67d9d4f310653978654fd843fa92bb1c85a2fa9d0975cee6a76e3380267317bf7131c279c49b0a05c11361670298fdbb9cdb98f398913cbda15407686c43d0f8c161a1a2f2f590b7eb2b5e06f4027dd86b6c13cffe1a1917b8c174f44b6f693dbeb93fe64b50eff7577d5cd5cdba480c849d9dca99e1ecf7a78e8d404a8f82b5417f41a7ad82eb91215ffdbbcf2cb6ee66f8a69cd20bcb42b3df6dbdbaea7172cb7302f0d2bf776bea90cd91436f8f91c37a36bf7c2affc75652165262ac67c013a86d33eca259c86eb58d28186b26ebe287ff9abbc537344d63d41072b16cc0dc2b3f3352daf7b0c76303f8a8d5fa48998618936c9e8012a54ce4cb385e96f96be1f42c84a24e643ee6f07319a4099deb8ff2f51cf9824b07c5995c07df5532f733797c773ac9d481d6ae2bf3a1a59d7401f3817b4423db1432d1fd15523e02332d5e21e1e6ab1901e98d222f12ee1836c88f66c106ae958956044b4d2ff746359b78c282ccca0fb16ee033f0f548094e36a3880af5332a56456493c3693c5aa6b775840d5c8040e9eaba694a25ba2ca2db366719d99333cc205c7b69fbfefda460af43df175ff57b50134980bd85a53fa72a46bdf2f80ad2171a5181221b272cfced17a7bc3da1a2ae75ead5fa6bded85a133b01fdb0ee9e0e067b7049e243d5b62b8c440974bc1cdabbd55a215d12435e374da016dbaa9418f52d920c4dd29473affcb02be4c1fceb4a454679ece9f29c11107dd0fe4217052fe4d5c3e0752ea1a984e0a900ad2db952be19296d03e524b9eb395fd687bfa0b465c80dff810a5ab75e29c783dbffa39032c6c4870db7b2bb4d8f4bd718e46a81a95382af45e20bbbafdc0a7f13e561aa0eddf84c8ce92038724841b3616de4ef16a718a4b93b00a06823150b043dc7ac673cb124c9364fbb1e254a0a2194e14316ad1b2e8b9e548e296cba818e5f1a37408dd7c46a59b830ad5de83f18b6f0546ea8f9eb446e6f8d65979dfa4f782eecd81bd93e9fb4cac786f994a3d5202ffec06a68bfbd4e2a01b0bdfd9ed23e9bc9c5a83728493c7c52fd881f4c389b7a8876bfcb941885464f09fd1782b63b61ba489d219e114cdb331c17aff33b24134dacf1ae49f0825fd00db2d7a96d07a42d484ffcafd30d2e3c654a27ed5e1101d9d57f85ea493f14680cc621009dfab3995d4bc246890712ee23fca9da2918e46ed8915dbdf2efabdf4fffddb0160fd4edab5d5d108ac5d500d8a96e5586d98ebdb1de333b33c062acafbd022645481c10d2b85cb628cb3e822bbc56e02f471fc4b1b96ab357f68471acf4d0530c1b121372398b2365441dbb5f301b501ad453658470851e0a05d28ab36a17f7f07797244553e0f3297b01f7985adab85094ecb2b0314823d5573a4ec4d379d59dcfda8938f62485529884812b9a51215b028b0723c1a724dca9ebb02214e804c798aeb409244570d3cfbf9d0d0cf51254dd45c33b6ab858bb0e39e2dac8555195e9a9fe13a76d7d225aa59ae20b73b6377b1e2fad923240859928ba806ecee3fa28ccd72406cc982d976662082391cba4b6efe13b599994dafca70fae4fd17bc7046339a5427e47a08f00cc4d20ee2fd71b3fc9b37f4dd24f3c7f59e181aa0b83303c4cd6db3b3710687a5dd5ff8399e5e5fc81e8d0a7ddb073729cabe33022efc2d7428b7640687b0aa1d1f0f8dbe947769ccb66f4d8d11570ffcd8769bf2f358c7e52437cbd02072a3e54d2f51d8965e566addb6e08aa2e2a2b7a1aad65def6183153ef6156015a250248741edd9b6a7f02f1265424a023a716bdedd61bdf807549db850b96018e94ea891e1a4400bbb7ed1d6cf30f89df334d1524ab07449a73ca2ddf0499480d75d5b0dc7f7c2a71b5e86a688c671acb4c5c6648df9a45f4c334d3c7d4ba8b7cf1ec2642afab077f74b13386efaae52d73e6705f1fa658070661388e6ce7aae1a62fb3275e331cafda42102b539c6eda005f1e8f14ca5b277b388819b01f10df7d68d4a4196ef81c851a11bc5cb5847634c07713f6f01184a98f49cdab2720d4d361a68955bd694bc431afd3e934335826e9e1c1cea8e1f92c544828c40563a6fa81d866e5bf3608b43a202076b7f0d279d6de01d52b52c171f64966281421656cbc5726619d852605dcf30d5a24bdf7ee96bf4d4461e9b68c92753ab17799e4416275edf93636a3d3dace4c0a299007511f9df32612348852ec32614df62904e12ad57fff6357d987367a5f17387e9f47c4aa94464509ea5c3f11608d01b9a34fcd8800aa00e5588fda58a56ef9973568b21e3b3aa462902e28ba57cc507ea4dd10f38d5431fb355cc9ac9336b5a2b92b990a8b7cafd90649d865c798d0bec97f9b3119f2db01c6359ae61a4bf094ba0827f94362fd6910d95c3e1888f4e31bec96c8aab5c2a4d8748aba93574ff22d8be31fe66ad1846daefdd6f25220e4c268f32702bfee7ffd38e617b776a644901654635a00e1327634f1110b6bbdc8595cc7acdd857f0148bdf3df2a0e05d4a4e7f9683a56947d57fd5868795dc29fb8a9b087a8193db9605357f97a03929d0ae40ee9ef9d286bb322361e4b091c30ca45a5e29300bf7819fef0b79079f81453305b4582d5de69701adb25dbb5189293a18048b971e1bf88fd5d6565952d3560ca0dbb6e1c79815a925b6f643b70782c1ff1c0388f3b602a8d3b95bd67563fa1f1e235ae8498dc7eff7a98b13c7ec3288edc6579f7a7218eeeb430e22eb39bfb25e5e410a448dfd50b1962bad4c77d96962e6a98ee7a6cddc21ce32db36e1267025cf5e8410dc9ab39ad19278b0231a84d4f0a6e2987716ebfcf293a8eb0fae51177724bdd0b15eb35b10fd7d69785b208faf87cc9090dc78056bd6dc0f0340d19d3eba3dda6f3aac807c18a413eeaa8168e72cdf7cfd04189ad3c51ad812ac6a29b7256410b36d5c49b80cd7f7739878cbc65df9ed3212ffd526694f2f9feaa9123a7c7be6380ea103856efb49b6d710f8771a7106af47f5d0de88ff06310812a60dd8d2b5b984c1b728816ed2f1176c34ffbb494532d653550a7798dcb87d93bade4f64ab3c3b306bface3a3805b10dcc7523501ec7253b569d9afe9ab1e0afd3970bbcef1818dce0014cdf3e866ebc8ade68e2189915faf63bec1b46bfce648a459954d510a8b068c64bf7e2212ff77f5ea4a2a3c331664d6404fdd3dbb5d3157ca871df29dbb372586c20b4d8a7a8052816526ded15b861bdb4bc87b418de9f23e6b7a2229d713be6f4662a40c1093e27e9166727f783582ab18da436c668b2674ed9f7c2d8f3f609f8e72924393b9c99e2244c1086fcbdc52f763c4175fdbf01676c0d14966210e5dd242cb434b723df13d36cfac3eedff5264e59940457a67c1d83b9db2f1c7b5873652902bba31b208e6bad4cbeba404ec9bb97a3a0575bd3f98dcf0064fab539ba085be85cd8f2e40f5a5b2ddb2b3be5016dbc7e39b6c125a38036b5c8d3edb459ec88c3ecf9b35e2e29d7e7a8edb2375b9eb294930f9740c02f7b2e423bb1ec7ea423c880cd818ecd8d0ad8b87c69c49dc15bdd404e1bd946ee306ab22910d877cce90664a39a6c1b23e3f818c7f7817a575a738a060647335bdf6b3dc64e8d6a0134601d7ac549b2cd5d6fffbe406ec22b4751b1e7d99dabf9f301da9254eaa361b0beba9a59594ae7510daed4e589b2e4f7d87650b2c157b3d5aac3e20cba4298ee986104ad47cdf7fce98c9bcee7c1ec276c86d1f5dd1ded43a6a6446af7993a3c04166d3fd25b9980bdf3c9ef40724b78d56ce55b41859f1e1ba808724d26c02e301c6c1eb9cce6c0e2003a211e89e9a846916e126e60f5936acfdeb1aae14b23948e312edc97aa307eaa99b176b45f1e90d692068b30e4e35ca95f1634a52d90ca01c80e528a05615181984628855b5ca05c3babd0f279c94508247637ffd5c70ceb0dc43e2a64b556a509c7aad7117ecab5373aa5280b3cfbd4f8c94360b8dec93014e46e294cf4f46634023ba8b1c002c5a8c05e9d88de062068858c66a54c774931457e404fbd256828f758e8773d6592d01602ca2a102dc1212c52aa66bc9f807c79c913c5a0ea63259fc177c94c0777012893fe701a9a5bc882c24dec2de976c4f8def484143b29fe6e1c843e70036cc8d58dac535c59b1e9d2e8289c6fb110097e3d65d1afa51766cda2c36302a42edb6e8626dafa5744111fff43b59edcfdb54e2542ccf05658aed4d8f83ae028eb35ad4c5f5085609a25f124dcdd62da34f2b395f7de30a216eaaedfef3dd131215c9b07e05a06c64c37d20031e043b8784f20ba2b4da7a471440978a5bc5400c3ad3267bf611a7e2993be209760d56ac3699669cf00f3e4e9873024e2134d71d8c755a59ea47a3730172081dfcb7941cf46368eeca7609782892d224dc1828dc5640b8b6c70ba704e79016e24d27da2082c3c3225ae2328f4b8a2a7a905da46a587c3ad24f230deb1b2b209"}], 0x1170}}, {{&(0x7f00000017c0)=@pptp={0x18, 0x2, {0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000001840)="d8e786efcd7de9127e34fc2b9ec6222075fd610b2d977385cc1f74e602c3cbd6f13b7c728723200f3ab2fc64a9db233b7d23c387f312f8e0eb6b2124aef2926b138572969bc3a66e13353ef6962b0809e5e00e79298a66646f54b3cfbf8f33383416f9d9aa8937d5a01e6eed9d401667eda13c07006d555bead926d5278bbe80b0beb8768322eeebc4c851e231f189c912f0dfc418db0a7280b5f0acfdc9f5c74db25c9c", 0xa4}], 0x1}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001900)="4e39e61ae0aa00f6fccf763fa6dc3b6cd67d7a162807b5ed69bbf9c12cf814ce6e9a8aa335f022c660791624d980a29c33da43d2653d61a9f721bdfc025f87ce0a5b89f5edf919e79712b3ed5aba83adef13429be8643f620082df289ce93a0c870f15cda2f3950cef18c5d6d189bb9a8ffbb5c9ed4a852a232c59e91eeb89bff5627c8cde9b9126df9826e498d987ba7366d16f22ac98bd1f5075d545cd195498e9a6d087ef27c09c9509df2aac8439abbf6bb9b55c4239bf63fc728e00df05c4d93ecd990ae3bb103f772bfb38a2c29cc90bc63c42e8f881181f6d98", 0xdd}, {&(0x7f0000001a00)="248a75b1004ca015102557fae726a4f03d18df3de91a97507aea09ffe650e390259eb05feda57e557386f2deab1323a3ffabd4eefb3ab1c64333a177708620f4e5259d354276ae5a5fadc57166e94c14911bccf263970aa1f0f43736bb39560d609c70aca1653146937e51e2de16adf8a7d1b12e9492745017ae3334cd2634c47c3549d08790c4d7e58aaf02755e6cc7d2eb1aa13a12ad055b681933fba3065ea3bb38e7ee9b6dae1fdccf009223c5cf647c2629b1", 0xb5}, {&(0x7f0000001ac0)="d8914a30a74303f23cb0b1add07e8cb217bb86bac2db0af724e74b4ba86e76178e197e1c5d5fa8afd772e18b2eb2be4e6756d7813fae75c50787a414bed586564234608766ae34076b78ec47445f066feb931000580432ad64161ce0c486be37b0d4cbc50e1d659a866821e823ca28", 0x6f}], 0x3, &(0x7f0000001b80)=[{0x100, 0x117, 0x5, "93039f58fffcbdc77fc98210413fc13cdb9c76b8c7b189fd614aadf51b70e41de6012e25de819cb1352f3a2f4683a496045376cfb9cbfeaab6712a020a2a9238fa54c2cd8a923a273451f3fb328eec91d9948971208deed91109920b42f74c72d73d7e2d93de4cdbfa8a2cdb615c8f50915dd90e7f718cf2b49e403938e68d9d25504565cfdcd8d1601af2d02bee721322cab863818b7fa5eb2af0f3057e4b9a1110e18c34f6e423a4fde892073ab5ed3e3e7b652f53f04fa519fa37ab8c3bced6b3dde17ac040f56dc86d6a28841483b050fb66ef6919f860ee68a86d3de70ef3dc1d25bf616856cd"}], 0x100}}, {{&(0x7f0000001c80)=@vsock, 0x80, &(0x7f0000002040)=[{&(0x7f0000001d00)="b3f6719256115af221d6456604e8757677df6e4e40c78c8d826bf377beaf977728b900228c1ed94d05fe7ec394f7d1e71e220deb00d17f9022e46986163f4a357c83d7da1f774825c18eb09ca3f0bac3cbe5fa99014fa0bb897fdd79a935537c71e53b57f5f3a7067ce7cb8b5bcca4c2055e6031fd7731df2d8fe98698dddb584fb2c5479fbdf62e4ef2e79cfeca02b6a7472c0aaba0d6a8932f035696d8e420beb6e80d1399a2dd1d06a6971bd011b5c04ccc20ef6d294f4ed2", 0xba}, {&(0x7f0000001dc0)="c617e3f85a8211c4ba7e22dbf000ec43d6cd4987ebf3ab779ef3e4732a6a4461fcbd4ac1d3183398d1e64eadc5557cbfd4f83a99c03b64e0a4581feab78d7f8e34e1461c2b32d8697db2e25690124504d5744bd611561a422d833b7e4f8904b46b3f4cf7b78de314484f31a241407ace01e4f7fe8e673529f796c6944a5d8533808be2e87726409864e89c70e66a28bdc71315fb8aa03c74a6df690ee558d9ad1df50b313a20fd4c510472a41d827cd1a8321144f0afbd683632694358844244227e2ebf67a90d2619e815fd139018ac765f770a85e1ff77e6409bc552455d6cb89500615eb956", 0xe7}, {&(0x7f0000001ec0)="69e08e83c523206a1e48f308dc0945288e6ef79b2f083b5e008ed2555f2b316475c12610a9037aa563bff3e4aeec26170d726d4edafac2485a3b3c8933e5b0848182997bafa931d9961b22ed0b03c3c05861d0900ee0416077df84ea2c57e622a3b9fcc76f0cc22bc56ac1291a6b71b768d094ce8eab3329649b7b2b5052eeb9bf0a540366e52f2c7f41657ffb4e3ccc63b552913ce0be6afdf05f7dcfdd97357ed488267baaf3e2f438b6e97f0a2f6fd04040d3b1838a81c70c6d1cf64dce990140544b5cc122936dea", 0xca}, {&(0x7f0000001fc0)="c5d9df87dd9895412c69205aca44133cdc42833867c11c193915099c50cc52a9dfa6a90af9679aa757f6acdcfae15f0176bf0c022976eee94e267b60e65bf8bba6ad7153e8be072cfb779ddc04834bfdcfb14ca5763a82f6fcadfd635eee0353d6", 0x61}], 0x4, &(0x7f0000002080)=[{0x80, 0x118, 0xbb6, "e25565ff5a0a4ca4fc79efa2684735d3bc5818b085ef11878d52984d042f01a5a5a1dd5f0767abdef2f620c4aca5d99980357176e4d2af3524a6241fecd2edd4e9939258d1811264797cb0508e27a3ee46d22de974986563a379ed525a9817cd348b7a290acf5110d8f803be"}, {0x18, 0x1, 0x4, "b5b08c39fe206a8e"}, {0x98, 0x0, 0x9, "f8d558d962885f24d10a1751c95800c8006e8b2478849eaa150a81c91d12644311601ee932793c3473081882c5464f99c5f7f114760dea0dc8421af1648f586e6b0ca7679b1ed4a856291ae7824f9c074431ad9b0659450cab1f16706b3bd8d52e89e1cdb441b334011a8ffefb7cc7187adbbcca08fc2a6cbf720ea595c2591ee655dd7af783"}, {0x18, 0x10c, 0x6, "39fdda4e5b"}, {0x28, 0x84, 0x8, "32f2ac9a8b55e03946cd3410d4fa376fe73c"}, {0x108, 0x10a, 0x2, "97878ed629da876518049bbf14ebf60600a6ab7cd4add3b8ecd9c10d5373c754c6652342973c39950f40659bdb8d8ded4aba18af937050d888a9571b4497da6f1cfdd11478db51a4bf4985fac4b425e35a2fe1320baf5c70d404b2da4dde90156b54303e2ff47fb0f0a474d2db7779bfd45b59f222ad0f517d660256d369f1dda0a940f1437cb930a8fdf6171a7c98835bc51513e2f032181484926ba34158696f32de10bf9bb21c4d24681f1eeb32fcae06ad6841f5885325e0f01df5b73a82511a14b6dc22172b891cb1dcd116c96c753f3c1a50cac350bfdaf9fa7276afa790a72f069d809ae336471764015df10ef8ae60468acf"}], 0x278}}], 0x4, 0x8000) (async, rerun: 32)
syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xc, 0x2, 0x0, 0x0, 0x0, {[@eol, @md5sig={0x13, 0x12, "ce79387d5c4e9d553755c88ff52509bd"}, @generic={0x22, 0x9, "06dffeb96a6289"}]}}}}}}}, 0x0)

01:35:59 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000180)={0x0, r0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:00 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r1 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000180)={0x0, r0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r1, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:00 executing program 4:
syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  489.086521][T14309] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  489.168192][T14310] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:00 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:00 executing program 5:
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:00 executing program 4:
syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:00 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:00 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10)
listen(r0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async, rerun: 64)
sendmmsg(r2, &(0x7f0000002300)=[{{&(0x7f00000000c0)=@generic={0x22, "cb0f4503fb8699bae3448957742b8bc5d8de980100e01d6783f9afd9af746347d463a1d22f0ba902980b22679ab893ab18f88dc42ef666bfcfbd1ee2dc898a8f84fbc131192442cca7c25ca950a5b7562bc68b65e27d5e540c1dac5ae392417ca6546bea176ecfddf7fec24e1792552570f1e6f3e1b7f2d2c4d108c48b8d"}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)="cc5ce0626314fe654ab349e0cab2ae9f0edc7c2a7a16eb8805da6fcbd106484132f1648b047c199ef401bfb7a166fb280ce9d1479a404e7bb8bc4e031238603c1d69db697e50b697fc70dcc1ec00267d95ad5d9d7355", 0x56}, {&(0x7f00000001c0)="cf11678bdacdc4111ba8512fde8d3d2ffda6c4f9450bc9c25bc07877328bc56da5dcdcad2cd8a67257751096af87d69ca49004905538e8d83894bbaced8f9a315d405db6a0c1b765bbdbf64d95730771e9780364bb825e50ebaaa801389549ad0071054e14683b79e3fc21d82fb19c832e0b1aead2b0acfa52dba36d5f20e333ea92c8bfd9", 0x85}, {&(0x7f0000000280)="08bc89af12741cf7896105ae603f190f84247166dc2d15b41a5d0ba6687cf92c371f2d1febbbde8ee98f40e2fe70724cb0a0f762da5f6d687b781af2bb1d25a79f2ffcabe6e707221f9ae399fec466ff1a98a69e35359a17fc253b80a89eef81bc79c963fb10989b3e7ec1dac0d76621480709bdba3eea0161b4aef48fa8cf3a", 0x80}, {&(0x7f0000000300)="b7f4bea56925201e762aa0ec7ccd215bf3b721b55b5b2ac854", 0x19}, {&(0x7f00000003c0)="3c7a653799a46db6cef384c284696254f990bf60eb6684aab2fe9ceeb03387b5d2850cfdc88ed9da512a7dd1a1f582711859a7dca768a8030e98838f10fb97f23ab6894fa569927de64ce19f1c1a71fcfe9c84e01c10a35451ff49a0e5f917b3a781eb9687b1e977585f7658a19e7282786125230da9c14ecc6ceca9d9110212491b2d270971fe94af6cae09239ef54027229ddefcdc099ebb17741ec5ddc0a28b70f36c9e253709be0e33cf45b947830725fe8308c89241eab4601689ed6aaf7e6ee9769d9cf784b2aa514aab718f92d139ae4c8e3404d42429e10eac49", 0xde}, {&(0x7f00000004c0)="01aa6b1dbc20889e4b427f60a32eb6acb6b5b530a37dc380d9f1f124be6bd2dde15825d70c5616b61a13cc2f509413c70ec2ff78e71f25731df696fbe5a580bed5f93db0a1fe811b8ebf89efd6b01c622f228053df025fa9639109ab6fba938dc0aad7bb35a5d701b55c7cd41bc5594efb2e0081302fff22c3288ecbf4c1e35473ac1b8fa3e73ff9e103d9f51de1efec3c3c9883164c1ad598bc2df86255d73e545773b981b03237447051655c6f53fef4c32f609fbaac952172fc1d8cda6f242344", 0xc2}], 0x6, &(0x7f0000000640)=[{0x78, 0x108, 0x7f, "1460ccbf086af451d6f2a9c632c88bc4aead957de48acb4bba0f77c9077a34a2df4f52cbb2ac9e0fb5f7b2276bbbcaf066cd37491392bdb369c30d1dbc625463f90d467d2a88041765353a7ec8d656dbb3609b17aa9fe21abc8af0e9256bec7687f65b0da76d12"}, {0xe8, 0x10f, 0x8, "25fb8880bb64f1ded056d24bc6c8c5deb7f8ef8cffe2d03cb41897a6eba79c48da7411846b85c98107334b5b3660af1c9d8fddea01332b7db1e8dbf901d4b332c8a4eee7fef2a686acf82e49ba7413d39781144e993d96d0b30d7dd2b474f93a05265cf19e4452695e227bd36e31e531ffdb6184becabbd3804cfc4faa0a87436899f21ca1f876c08e178f88d80ba8036187b103ca8c16661657072a323cdffd9b12b53661c96aa977911b49aa29b1e8bc5757cbb0f7b7f594207adb509561cae9c1516061194d19d996a86892de67cf63aa40e7ceaa31"}, {0x1010, 0x88, 0x1, "327d86e89637e6abef8101d0fb545fbb292e589454433146785b98a3dad6ed259353915a17632601050460104f7d8d665aff5ca4e445008b196d770ec87231fb7418772a4b254f9c57464e52a25d51797df1d4054576bba6c69f1e3918b9d5f3aae5f3a11b46f8ad017ceec11096b3aaafc3145a1be83d81919daf078f6e5184397f956927fc1fbf8abd9a35e497798de428bc9b01d55b15cedc0f612fdbbdec34813885732738a89c11569da53887c499c9f13f6421058c83d872dd4bb8c393046ef0fdac8fef5c3439f6166e797780b25ed00bf98697a2d9e6f387ff8125a13d078903f567095af090cdd94459912a887cfdf5838b49366570178cb622dedd1223cdb494dc8fc1a52b8ab3afe6a89c573be77a396d298f72214a8d94aa02f5380db924df0e52a90f7fd6cc46ba263ff045ff306acd5bd92970bf2a01b54bc4af6d921a574e090ea9d5cfcc71c18077789ea07c41b05a8a1b1f1da42d55bded902790b61f0101ac90eb0a0ab09fb030015153067d71da6d7b4192bd02e7bcae322f7f794cfab99354dc6477cd6e264973c57f783964b0385630a941d12d71ed9e6994416583dd8f60291370104b794dca1e826cb1f1d8208395132a51d8012cb380c7e4e6ebcefdbacc93e7f11f5044a852072e937c43fcd907ed6b10a97e9edda4fc145e63e4ba1ead55246d30800103c1c554bec8e855573f3bd86188c12b1da51df66c431a60c5ee482334ba83658e16ee59cafbf3e7c9d05ec693ad82ba528e9cb1e5e3e4bbaabbcc733e7c66594c03beb0dcd4a27224ebd06c2e10a3e79150a7187d83a6f28192029e92d019f504973c3d4b287dabdc681da2144159b2f4ff8637b3275c490c1cef18f88c10e71ce8bbe4f951477908288fe5e19dc5448392ac6b6aa473df71db52e13b904d17ad8fd363bf4c86d300cbeb2ceafe6a9a61ebf0ca9d8900077ea5824b9e23a6eedf736fd9b82029a32e7e632b29e53f2433bebf9eb2a99fd99c725723c10482b0f0c7dbe3cc236c5f9b69d3235542a389c43dbc2f2ab33ccdba733cd203893663c7993ffdeab978b3962d0e84002a1db5823c47397bf6708467addde111e84c5af40ee5821871cf9d3938cb94dbf84d88d47f139ae9ba572820c0e6cc3f0b2e3518229a95377d85bea19d42cbf4641ea460d607b318e52f9303f2c414c5c03b2c648f462aa4c7b90b62991eb9c071ae2b19d24cd119dbea23d7661bcd89bcddb1eddc7ac0a4ddb6ce6a56a984c3fa8248f5d50d9af34cfb57f8def5d59f07ddb68a82c21638c67d9d4f310653978654fd843fa92bb1c85a2fa9d0975cee6a76e3380267317bf7131c279c49b0a05c11361670298fdbb9cdb98f398913cbda15407686c43d0f8c161a1a2f2f590b7eb2b5e06f4027dd86b6c13cffe1a1917b8c174f44b6f693dbeb93fe64b50eff7577d5cd5cdba480c849d9dca99e1ecf7a78e8d404a8f82b5417f41a7ad82eb91215ffdbbcf2cb6ee66f8a69cd20bcb42b3df6dbdbaea7172cb7302f0d2bf776bea90cd91436f8f91c37a36bf7c2affc75652165262ac67c013a86d33eca259c86eb58d28186b26ebe287ff9abbc537344d63d41072b16cc0dc2b3f3352daf7b0c76303f8a8d5fa48998618936c9e8012a54ce4cb385e96f96be1f42c84a24e643ee6f07319a4099deb8ff2f51cf9824b07c5995c07df5532f733797c773ac9d481d6ae2bf3a1a59d7401f3817b4423db1432d1fd15523e02332d5e21e1e6ab1901e98d222f12ee1836c88f66c106ae958956044b4d2ff746359b78c282ccca0fb16ee033f0f548094e36a3880af5332a56456493c3693c5aa6b775840d5c8040e9eaba694a25ba2ca2db366719d99333cc205c7b69fbfefda460af43df175ff57b50134980bd85a53fa72a46bdf2f80ad2171a5181221b272cfced17a7bc3da1a2ae75ead5fa6bded85a133b01fdb0ee9e0e067b7049e243d5b62b8c440974bc1cdabbd55a215d12435e374da016dbaa9418f52d920c4dd29473affcb02be4c1fceb4a454679ece9f29c11107dd0fe4217052fe4d5c3e0752ea1a984e0a900ad2db952be19296d03e524b9eb395fd687bfa0b465c80dff810a5ab75e29c783dbffa39032c6c4870db7b2bb4d8f4bd718e46a81a95382af45e20bbbafdc0a7f13e561aa0eddf84c8ce92038724841b3616de4ef16a718a4b93b00a06823150b043dc7ac673cb124c9364fbb1e254a0a2194e14316ad1b2e8b9e548e296cba818e5f1a37408dd7c46a59b830ad5de83f18b6f0546ea8f9eb446e6f8d65979dfa4f782eecd81bd93e9fb4cac786f994a3d5202ffec06a68bfbd4e2a01b0bdfd9ed23e9bc9c5a83728493c7c52fd881f4c389b7a8876bfcb941885464f09fd1782b63b61ba489d219e114cdb331c17aff33b24134dacf1ae49f0825fd00db2d7a96d07a42d484ffcafd30d2e3c654a27ed5e1101d9d57f85ea493f14680cc621009dfab3995d4bc246890712ee23fca9da2918e46ed8915dbdf2efabdf4fffddb0160fd4edab5d5d108ac5d500d8a96e5586d98ebdb1de333b33c062acafbd022645481c10d2b85cb628cb3e822bbc56e02f471fc4b1b96ab357f68471acf4d0530c1b121372398b2365441dbb5f301b501ad453658470851e0a05d28ab36a17f7f07797244553e0f3297b01f7985adab85094ecb2b0314823d5573a4ec4d379d59dcfda8938f62485529884812b9a51215b028b0723c1a724dca9ebb02214e804c798aeb409244570d3cfbf9d0d0cf51254dd45c33b6ab858bb0e39e2dac8555195e9a9fe13a76d7d225aa59ae20b73b6377b1e2fad923240859928ba806ecee3fa28ccd72406cc982d976662082391cba4b6efe13b599994dafca70fae4fd17bc7046339a5427e47a08f00cc4d20ee2fd71b3fc9b37f4dd24f3c7f59e181aa0b83303c4cd6db3b3710687a5dd5ff8399e5e5fc81e8d0a7ddb073729cabe33022efc2d7428b7640687b0aa1d1f0f8dbe947769ccb66f4d8d11570ffcd8769bf2f358c7e52437cbd02072a3e54d2f51d8965e566addb6e08aa2e2a2b7a1aad65def6183153ef6156015a250248741edd9b6a7f02f1265424a023a716bdedd61bdf807549db850b96018e94ea891e1a4400bbb7ed1d6cf30f89df334d1524ab07449a73ca2ddf0499480d75d5b0dc7f7c2a71b5e86a688c671acb4c5c6648df9a45f4c334d3c7d4ba8b7cf1ec2642afab077f74b13386efaae52d73e6705f1fa658070661388e6ce7aae1a62fb3275e331cafda42102b539c6eda005f1e8f14ca5b277b388819b01f10df7d68d4a4196ef81c851a11bc5cb5847634c07713f6f01184a98f49cdab2720d4d361a68955bd694bc431afd3e934335826e9e1c1cea8e1f92c544828c40563a6fa81d866e5bf3608b43a202076b7f0d279d6de01d52b52c171f64966281421656cbc5726619d852605dcf30d5a24bdf7ee96bf4d4461e9b68c92753ab17799e4416275edf93636a3d3dace4c0a299007511f9df32612348852ec32614df62904e12ad57fff6357d987367a5f17387e9f47c4aa94464509ea5c3f11608d01b9a34fcd8800aa00e5588fda58a56ef9973568b21e3b3aa462902e28ba57cc507ea4dd10f38d5431fb355cc9ac9336b5a2b92b990a8b7cafd90649d865c798d0bec97f9b3119f2db01c6359ae61a4bf094ba0827f94362fd6910d95c3e1888f4e31bec96c8aab5c2a4d8748aba93574ff22d8be31fe66ad1846daefdd6f25220e4c268f32702bfee7ffd38e617b776a644901654635a00e1327634f1110b6bbdc8595cc7acdd857f0148bdf3df2a0e05d4a4e7f9683a56947d57fd5868795dc29fb8a9b087a8193db9605357f97a03929d0ae40ee9ef9d286bb322361e4b091c30ca45a5e29300bf7819fef0b79079f81453305b4582d5de69701adb25dbb5189293a18048b971e1bf88fd5d6565952d3560ca0dbb6e1c79815a925b6f643b70782c1ff1c0388f3b602a8d3b95bd67563fa1f1e235ae8498dc7eff7a98b13c7ec3288edc6579f7a7218eeeb430e22eb39bfb25e5e410a448dfd50b1962bad4c77d96962e6a98ee7a6cddc21ce32db36e1267025cf5e8410dc9ab39ad19278b0231a84d4f0a6e2987716ebfcf293a8eb0fae51177724bdd0b15eb35b10fd7d69785b208faf87cc9090dc78056bd6dc0f0340d19d3eba3dda6f3aac807c18a413eeaa8168e72cdf7cfd04189ad3c51ad812ac6a29b7256410b36d5c49b80cd7f7739878cbc65df9ed3212ffd526694f2f9feaa9123a7c7be6380ea103856efb49b6d710f8771a7106af47f5d0de88ff06310812a60dd8d2b5b984c1b728816ed2f1176c34ffbb494532d653550a7798dcb87d93bade4f64ab3c3b306bface3a3805b10dcc7523501ec7253b569d9afe9ab1e0afd3970bbcef1818dce0014cdf3e866ebc8ade68e2189915faf63bec1b46bfce648a459954d510a8b068c64bf7e2212ff77f5ea4a2a3c331664d6404fdd3dbb5d3157ca871df29dbb372586c20b4d8a7a8052816526ded15b861bdb4bc87b418de9f23e6b7a2229d713be6f4662a40c1093e27e9166727f783582ab18da436c668b2674ed9f7c2d8f3f609f8e72924393b9c99e2244c1086fcbdc52f763c4175fdbf01676c0d14966210e5dd242cb434b723df13d36cfac3eedff5264e59940457a67c1d83b9db2f1c7b5873652902bba31b208e6bad4cbeba404ec9bb97a3a0575bd3f98dcf0064fab539ba085be85cd8f2e40f5a5b2ddb2b3be5016dbc7e39b6c125a38036b5c8d3edb459ec88c3ecf9b35e2e29d7e7a8edb2375b9eb294930f9740c02f7b2e423bb1ec7ea423c880cd818ecd8d0ad8b87c69c49dc15bdd404e1bd946ee306ab22910d877cce90664a39a6c1b23e3f818c7f7817a575a738a060647335bdf6b3dc64e8d6a0134601d7ac549b2cd5d6fffbe406ec22b4751b1e7d99dabf9f301da9254eaa361b0beba9a59594ae7510daed4e589b2e4f7d87650b2c157b3d5aac3e20cba4298ee986104ad47cdf7fce98c9bcee7c1ec276c86d1f5dd1ded43a6a6446af7993a3c04166d3fd25b9980bdf3c9ef40724b78d56ce55b41859f1e1ba808724d26c02e301c6c1eb9cce6c0e2003a211e89e9a846916e126e60f5936acfdeb1aae14b23948e312edc97aa307eaa99b176b45f1e90d692068b30e4e35ca95f1634a52d90ca01c80e528a05615181984628855b5ca05c3babd0f279c94508247637ffd5c70ceb0dc43e2a64b556a509c7aad7117ecab5373aa5280b3cfbd4f8c94360b8dec93014e46e294cf4f46634023ba8b1c002c5a8c05e9d88de062068858c66a54c774931457e404fbd256828f758e8773d6592d01602ca2a102dc1212c52aa66bc9f807c79c913c5a0ea63259fc177c94c0777012893fe701a9a5bc882c24dec2de976c4f8def484143b29fe6e1c843e70036cc8d58dac535c59b1e9d2e8289c6fb110097e3d65d1afa51766cda2c36302a42edb6e8626dafa5744111fff43b59edcfdb54e2542ccf05658aed4d8f83ae028eb35ad4c5f5085609a25f124dcdd62da34f2b395f7de30a216eaaedfef3dd131215c9b07e05a06c64c37d20031e043b8784f20ba2b4da7a471440978a5bc5400c3ad3267bf611a7e2993be209760d56ac3699669cf00f3e4e9873024e2134d71d8c755a59ea47a3730172081dfcb7941cf46368eeca7609782892d224dc1828dc5640b8b6c70ba704e79016e24d27da2082c3c3225ae2328f4b8a2a7a905da46a587c3ad24f230deb1b2b209"}], 0x1170}}, {{&(0x7f00000017c0)=@pptp={0x18, 0x2, {0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000001840)="d8e786efcd7de9127e34fc2b9ec6222075fd610b2d977385cc1f74e602c3cbd6f13b7c728723200f3ab2fc64a9db233b7d23c387f312f8e0eb6b2124aef2926b138572969bc3a66e13353ef6962b0809e5e00e79298a66646f54b3cfbf8f33383416f9d9aa8937d5a01e6eed9d401667eda13c07006d555bead926d5278bbe80b0beb8768322eeebc4c851e231f189c912f0dfc418db0a7280b5f0acfdc9f5c74db25c9c", 0xa4}], 0x1}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001900)="4e39e61ae0aa00f6fccf763fa6dc3b6cd67d7a162807b5ed69bbf9c12cf814ce6e9a8aa335f022c660791624d980a29c33da43d2653d61a9f721bdfc025f87ce0a5b89f5edf919e79712b3ed5aba83adef13429be8643f620082df289ce93a0c870f15cda2f3950cef18c5d6d189bb9a8ffbb5c9ed4a852a232c59e91eeb89bff5627c8cde9b9126df9826e498d987ba7366d16f22ac98bd1f5075d545cd195498e9a6d087ef27c09c9509df2aac8439abbf6bb9b55c4239bf63fc728e00df05c4d93ecd990ae3bb103f772bfb38a2c29cc90bc63c42e8f881181f6d98", 0xdd}, {&(0x7f0000001a00)="248a75b1004ca015102557fae726a4f03d18df3de91a97507aea09ffe650e390259eb05feda57e557386f2deab1323a3ffabd4eefb3ab1c64333a177708620f4e5259d354276ae5a5fadc57166e94c14911bccf263970aa1f0f43736bb39560d609c70aca1653146937e51e2de16adf8a7d1b12e9492745017ae3334cd2634c47c3549d08790c4d7e58aaf02755e6cc7d2eb1aa13a12ad055b681933fba3065ea3bb38e7ee9b6dae1fdccf009223c5cf647c2629b1", 0xb5}, {&(0x7f0000001ac0)="d8914a30a74303f23cb0b1add07e8cb217bb86bac2db0af724e74b4ba86e76178e197e1c5d5fa8afd772e18b2eb2be4e6756d7813fae75c50787a414bed586564234608766ae34076b78ec47445f066feb931000580432ad64161ce0c486be37b0d4cbc50e1d659a866821e823ca28", 0x6f}], 0x3, &(0x7f0000001b80)=[{0x100, 0x117, 0x5, "93039f58fffcbdc77fc98210413fc13cdb9c76b8c7b189fd614aadf51b70e41de6012e25de819cb1352f3a2f4683a496045376cfb9cbfeaab6712a020a2a9238fa54c2cd8a923a273451f3fb328eec91d9948971208deed91109920b42f74c72d73d7e2d93de4cdbfa8a2cdb615c8f50915dd90e7f718cf2b49e403938e68d9d25504565cfdcd8d1601af2d02bee721322cab863818b7fa5eb2af0f3057e4b9a1110e18c34f6e423a4fde892073ab5ed3e3e7b652f53f04fa519fa37ab8c3bced6b3dde17ac040f56dc86d6a28841483b050fb66ef6919f860ee68a86d3de70ef3dc1d25bf616856cd"}], 0x100}}, {{&(0x7f0000001c80)=@vsock, 0x80, &(0x7f0000002040)=[{&(0x7f0000001d00)="b3f6719256115af221d6456604e8757677df6e4e40c78c8d826bf377beaf977728b900228c1ed94d05fe7ec394f7d1e71e220deb00d17f9022e46986163f4a357c83d7da1f774825c18eb09ca3f0bac3cbe5fa99014fa0bb897fdd79a935537c71e53b57f5f3a7067ce7cb8b5bcca4c2055e6031fd7731df2d8fe98698dddb584fb2c5479fbdf62e4ef2e79cfeca02b6a7472c0aaba0d6a8932f035696d8e420beb6e80d1399a2dd1d06a6971bd011b5c04ccc20ef6d294f4ed2", 0xba}, {&(0x7f0000001dc0)="c617e3f85a8211c4ba7e22dbf000ec43d6cd4987ebf3ab779ef3e4732a6a4461fcbd4ac1d3183398d1e64eadc5557cbfd4f83a99c03b64e0a4581feab78d7f8e34e1461c2b32d8697db2e25690124504d5744bd611561a422d833b7e4f8904b46b3f4cf7b78de314484f31a241407ace01e4f7fe8e673529f796c6944a5d8533808be2e87726409864e89c70e66a28bdc71315fb8aa03c74a6df690ee558d9ad1df50b313a20fd4c510472a41d827cd1a8321144f0afbd683632694358844244227e2ebf67a90d2619e815fd139018ac765f770a85e1ff77e6409bc552455d6cb89500615eb956", 0xe7}, {&(0x7f0000001ec0)="69e08e83c523206a1e48f308dc0945288e6ef79b2f083b5e008ed2555f2b316475c12610a9037aa563bff3e4aeec26170d726d4edafac2485a3b3c8933e5b0848182997bafa931d9961b22ed0b03c3c05861d0900ee0416077df84ea2c57e622a3b9fcc76f0cc22bc56ac1291a6b71b768d094ce8eab3329649b7b2b5052eeb9bf0a540366e52f2c7f41657ffb4e3ccc63b552913ce0be6afdf05f7dcfdd97357ed488267baaf3e2f438b6e97f0a2f6fd04040d3b1838a81c70c6d1cf64dce990140544b5cc122936dea", 0xca}, {&(0x7f0000001fc0)="c5d9df87dd9895412c69205aca44133cdc42833867c11c193915099c50cc52a9dfa6a90af9679aa757f6acdcfae15f0176bf0c022976eee94e267b60e65bf8bba6ad7153e8be072cfb779ddc04834bfdcfb14ca5763a82f6fcadfd635eee0353d6", 0x61}], 0x4, &(0x7f0000002080)=[{0x80, 0x118, 0xbb6, "e25565ff5a0a4ca4fc79efa2684735d3bc5818b085ef11878d52984d042f01a5a5a1dd5f0767abdef2f620c4aca5d99980357176e4d2af3524a6241fecd2edd4e9939258d1811264797cb0508e27a3ee46d22de974986563a379ed525a9817cd348b7a290acf5110d8f803be"}, {0x18, 0x1, 0x4, "b5b08c39fe206a8e"}, {0x98, 0x0, 0x9, "f8d558d962885f24d10a1751c95800c8006e8b2478849eaa150a81c91d12644311601ee932793c3473081882c5464f99c5f7f114760dea0dc8421af1648f586e6b0ca7679b1ed4a856291ae7824f9c074431ad9b0659450cab1f16706b3bd8d52e89e1cdb441b334011a8ffefb7cc7187adbbcca08fc2a6cbf720ea595c2591ee655dd7af783"}, {0x18, 0x10c, 0x6, "39fdda4e5b"}, {0x28, 0x84, 0x8, "32f2ac9a8b55e03946cd3410d4fa376fe73c"}, {0x108, 0x10a, 0x2, "97878ed629da876518049bbf14ebf60600a6ab7cd4add3b8ecd9c10d5373c754c6652342973c39950f40659bdb8d8ded4aba18af937050d888a9571b4497da6f1cfdd11478db51a4bf4985fac4b425e35a2fe1320baf5c70d404b2da4dde90156b54303e2ff47fb0f0a474d2db7779bfd45b59f222ad0f517d660256d369f1dda0a940f1437cb930a8fdf6171a7c98835bc51513e2f032181484926ba34158696f32de10bf9bb21c4d24681f1eeb32fcae06ad6841f5885325e0f01df5b73a82511a14b6dc22172b891cb1dcd116c96c753f3c1a50cac350bfdaf9fa7276afa790a72f069d809ae336471764015df10ef8ae60468acf"}], 0x278}}], 0x4, 0x8000) (async, rerun: 64)
syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xc, 0x2, 0x0, 0x0, 0x0, {[@eol, @md5sig={0x13, 0x12, "ce79387d5c4e9d553755c88ff52509bd"}, @generic={0x22, 0x9, "06dffeb96a6289"}]}}}}}}}, 0x0)

01:36:00 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
accept4(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80, 0x80000)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)

01:36:00 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  489.790463][T14322] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  489.812306][T14315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.974643][T14334] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:01 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x0)

[  490.272969][T14337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  490.318874][ T3603] Bluetooth: hci1: command 0x0419 tx timeout
01:36:01 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x0)

01:36:01 executing program 5:
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:01 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
accept4(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80, 0x80000)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)

[  490.665191][T14339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:01 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  490.857330][T14342] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:01 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:01 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:01 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x0)

[  491.146519][T14352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:02 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
accept4(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80, 0x80000)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)

01:36:02 executing program 5:
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:02 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10)
listen(r0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
sendmmsg(r2, &(0x7f0000002300)=[{{&(0x7f00000000c0)=@generic={0x22, "cb0f4503fb8699bae3448957742b8bc5d8de980100e01d6783f9afd9af746347d463a1d22f0ba902980b22679ab893ab18f88dc42ef666bfcfbd1ee2dc898a8f84fbc131192442cca7c25ca950a5b7562bc68b65e27d5e540c1dac5ae392417ca6546bea176ecfddf7fec24e1792552570f1e6f3e1b7f2d2c4d108c48b8d"}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)="cc5ce0626314fe654ab349e0cab2ae9f0edc7c2a7a16eb8805da6fcbd106484132f1648b047c199ef401bfb7a166fb280ce9d1479a404e7bb8bc4e031238603c1d69db697e50b697fc70dcc1ec00267d95ad5d9d7355", 0x56}, {&(0x7f00000001c0)="cf11678bdacdc4111ba8512fde8d3d2ffda6c4f9450bc9c25bc07877328bc56da5dcdcad2cd8a67257751096af87d69ca49004905538e8d83894bbaced8f9a315d405db6a0c1b765bbdbf64d95730771e9780364bb825e50ebaaa801389549ad0071054e14683b79e3fc21d82fb19c832e0b1aead2b0acfa52dba36d5f20e333ea92c8bfd9", 0x85}, {&(0x7f0000000280)="08bc89af12741cf7896105ae603f190f84247166dc2d15b41a5d0ba6687cf92c371f2d1febbbde8ee98f40e2fe70724cb0a0f762da5f6d687b781af2bb1d25a79f2ffcabe6e707221f9ae399fec466ff1a98a69e35359a17fc253b80a89eef81bc79c963fb10989b3e7ec1dac0d76621480709bdba3eea0161b4aef48fa8cf3a", 0x80}, {&(0x7f0000000300)="b7f4bea56925201e762aa0ec7ccd215bf3b721b55b5b2ac854", 0x19}, {&(0x7f00000003c0)="3c7a653799a46db6cef384c284696254f990bf60eb6684aab2fe9ceeb03387b5d2850cfdc88ed9da512a7dd1a1f582711859a7dca768a8030e98838f10fb97f23ab6894fa569927de64ce19f1c1a71fcfe9c84e01c10a35451ff49a0e5f917b3a781eb9687b1e977585f7658a19e7282786125230da9c14ecc6ceca9d9110212491b2d270971fe94af6cae09239ef54027229ddefcdc099ebb17741ec5ddc0a28b70f36c9e253709be0e33cf45b947830725fe8308c89241eab4601689ed6aaf7e6ee9769d9cf784b2aa514aab718f92d139ae4c8e3404d42429e10eac49", 0xde}, {&(0x7f00000004c0)="01aa6b1dbc20889e4b427f60a32eb6acb6b5b530a37dc380d9f1f124be6bd2dde15825d70c5616b61a13cc2f509413c70ec2ff78e71f25731df696fbe5a580bed5f93db0a1fe811b8ebf89efd6b01c622f228053df025fa9639109ab6fba938dc0aad7bb35a5d701b55c7cd41bc5594efb2e0081302fff22c3288ecbf4c1e35473ac1b8fa3e73ff9e103d9f51de1efec3c3c9883164c1ad598bc2df86255d73e545773b981b03237447051655c6f53fef4c32f609fbaac952172fc1d8cda6f242344", 0xc2}], 0x6, &(0x7f0000000640)=[{0x78, 0x108, 0x7f, "1460ccbf086af451d6f2a9c632c88bc4aead957de48acb4bba0f77c9077a34a2df4f52cbb2ac9e0fb5f7b2276bbbcaf066cd37491392bdb369c30d1dbc625463f90d467d2a88041765353a7ec8d656dbb3609b17aa9fe21abc8af0e9256bec7687f65b0da76d12"}, {0xe8, 0x10f, 0x8, "25fb8880bb64f1ded056d24bc6c8c5deb7f8ef8cffe2d03cb41897a6eba79c48da7411846b85c98107334b5b3660af1c9d8fddea01332b7db1e8dbf901d4b332c8a4eee7fef2a686acf82e49ba7413d39781144e993d96d0b30d7dd2b474f93a05265cf19e4452695e227bd36e31e531ffdb6184becabbd3804cfc4faa0a87436899f21ca1f876c08e178f88d80ba8036187b103ca8c16661657072a323cdffd9b12b53661c96aa977911b49aa29b1e8bc5757cbb0f7b7f594207adb509561cae9c1516061194d19d996a86892de67cf63aa40e7ceaa31"}, {0x1010, 0x88, 0x1, "327d86e89637e6abef8101d0fb545fbb292e589454433146785b98a3dad6ed259353915a17632601050460104f7d8d665aff5ca4e445008b196d770ec87231fb7418772a4b254f9c57464e52a25d51797df1d4054576bba6c69f1e3918b9d5f3aae5f3a11b46f8ad017ceec11096b3aaafc3145a1be83d81919daf078f6e5184397f956927fc1fbf8abd9a35e497798de428bc9b01d55b15cedc0f612fdbbdec34813885732738a89c11569da53887c499c9f13f6421058c83d872dd4bb8c393046ef0fdac8fef5c3439f6166e797780b25ed00bf98697a2d9e6f387ff8125a13d078903f567095af090cdd94459912a887cfdf5838b49366570178cb622dedd1223cdb494dc8fc1a52b8ab3afe6a89c573be77a396d298f72214a8d94aa02f5380db924df0e52a90f7fd6cc46ba263ff045ff306acd5bd92970bf2a01b54bc4af6d921a574e090ea9d5cfcc71c18077789ea07c41b05a8a1b1f1da42d55bded902790b61f0101ac90eb0a0ab09fb030015153067d71da6d7b4192bd02e7bcae322f7f794cfab99354dc6477cd6e264973c57f783964b0385630a941d12d71ed9e6994416583dd8f60291370104b794dca1e826cb1f1d8208395132a51d8012cb380c7e4e6ebcefdbacc93e7f11f5044a852072e937c43fcd907ed6b10a97e9edda4fc145e63e4ba1ead55246d30800103c1c554bec8e855573f3bd86188c12b1da51df66c431a60c5ee482334ba83658e16ee59cafbf3e7c9d05ec693ad82ba528e9cb1e5e3e4bbaabbcc733e7c66594c03beb0dcd4a27224ebd06c2e10a3e79150a7187d83a6f28192029e92d019f504973c3d4b287dabdc681da2144159b2f4ff8637b3275c490c1cef18f88c10e71ce8bbe4f951477908288fe5e19dc5448392ac6b6aa473df71db52e13b904d17ad8fd363bf4c86d300cbeb2ceafe6a9a61ebf0ca9d8900077ea5824b9e23a6eedf736fd9b82029a32e7e632b29e53f2433bebf9eb2a99fd99c725723c10482b0f0c7dbe3cc236c5f9b69d3235542a389c43dbc2f2ab33ccdba733cd203893663c7993ffdeab978b3962d0e84002a1db5823c47397bf6708467addde111e84c5af40ee5821871cf9d3938cb94dbf84d88d47f139ae9ba572820c0e6cc3f0b2e3518229a95377d85bea19d42cbf4641ea460d607b318e52f9303f2c414c5c03b2c648f462aa4c7b90b62991eb9c071ae2b19d24cd119dbea23d7661bcd89bcddb1eddc7ac0a4ddb6ce6a56a984c3fa8248f5d50d9af34cfb57f8def5d59f07ddb68a82c21638c67d9d4f310653978654fd843fa92bb1c85a2fa9d0975cee6a76e3380267317bf7131c279c49b0a05c11361670298fdbb9cdb98f398913cbda15407686c43d0f8c161a1a2f2f590b7eb2b5e06f4027dd86b6c13cffe1a1917b8c174f44b6f693dbeb93fe64b50eff7577d5cd5cdba480c849d9dca99e1ecf7a78e8d404a8f82b5417f41a7ad82eb91215ffdbbcf2cb6ee66f8a69cd20bcb42b3df6dbdbaea7172cb7302f0d2bf776bea90cd91436f8f91c37a36bf7c2affc75652165262ac67c013a86d33eca259c86eb58d28186b26ebe287ff9abbc537344d63d41072b16cc0dc2b3f3352daf7b0c76303f8a8d5fa48998618936c9e8012a54ce4cb385e96f96be1f42c84a24e643ee6f07319a4099deb8ff2f51cf9824b07c5995c07df5532f733797c773ac9d481d6ae2bf3a1a59d7401f3817b4423db1432d1fd15523e02332d5e21e1e6ab1901e98d222f12ee1836c88f66c106ae958956044b4d2ff746359b78c282ccca0fb16ee033f0f548094e36a3880af5332a56456493c3693c5aa6b775840d5c8040e9eaba694a25ba2ca2db366719d99333cc205c7b69fbfefda460af43df175ff57b50134980bd85a53fa72a46bdf2f80ad2171a5181221b272cfced17a7bc3da1a2ae75ead5fa6bded85a133b01fdb0ee9e0e067b7049e243d5b62b8c440974bc1cdabbd55a215d12435e374da016dbaa9418f52d920c4dd29473affcb02be4c1fceb4a454679ece9f29c11107dd0fe4217052fe4d5c3e0752ea1a984e0a900ad2db952be19296d03e524b9eb395fd687bfa0b465c80dff810a5ab75e29c783dbffa39032c6c4870db7b2bb4d8f4bd718e46a81a95382af45e20bbbafdc0a7f13e561aa0eddf84c8ce92038724841b3616de4ef16a718a4b93b00a06823150b043dc7ac673cb124c9364fbb1e254a0a2194e14316ad1b2e8b9e548e296cba818e5f1a37408dd7c46a59b830ad5de83f18b6f0546ea8f9eb446e6f8d65979dfa4f782eecd81bd93e9fb4cac786f994a3d5202ffec06a68bfbd4e2a01b0bdfd9ed23e9bc9c5a83728493c7c52fd881f4c389b7a8876bfcb941885464f09fd1782b63b61ba489d219e114cdb331c17aff33b24134dacf1ae49f0825fd00db2d7a96d07a42d484ffcafd30d2e3c654a27ed5e1101d9d57f85ea493f14680cc621009dfab3995d4bc246890712ee23fca9da2918e46ed8915dbdf2efabdf4fffddb0160fd4edab5d5d108ac5d500d8a96e5586d98ebdb1de333b33c062acafbd022645481c10d2b85cb628cb3e822bbc56e02f471fc4b1b96ab357f68471acf4d0530c1b121372398b2365441dbb5f301b501ad453658470851e0a05d28ab36a17f7f07797244553e0f3297b01f7985adab85094ecb2b0314823d5573a4ec4d379d59dcfda8938f62485529884812b9a51215b028b0723c1a724dca9ebb02214e804c798aeb409244570d3cfbf9d0d0cf51254dd45c33b6ab858bb0e39e2dac8555195e9a9fe13a76d7d225aa59ae20b73b6377b1e2fad923240859928ba806ecee3fa28ccd72406cc982d976662082391cba4b6efe13b599994dafca70fae4fd17bc7046339a5427e47a08f00cc4d20ee2fd71b3fc9b37f4dd24f3c7f59e181aa0b83303c4cd6db3b3710687a5dd5ff8399e5e5fc81e8d0a7ddb073729cabe33022efc2d7428b7640687b0aa1d1f0f8dbe947769ccb66f4d8d11570ffcd8769bf2f358c7e52437cbd02072a3e54d2f51d8965e566addb6e08aa2e2a2b7a1aad65def6183153ef6156015a250248741edd9b6a7f02f1265424a023a716bdedd61bdf807549db850b96018e94ea891e1a4400bbb7ed1d6cf30f89df334d1524ab07449a73ca2ddf0499480d75d5b0dc7f7c2a71b5e86a688c671acb4c5c6648df9a45f4c334d3c7d4ba8b7cf1ec2642afab077f74b13386efaae52d73e6705f1fa658070661388e6ce7aae1a62fb3275e331cafda42102b539c6eda005f1e8f14ca5b277b388819b01f10df7d68d4a4196ef81c851a11bc5cb5847634c07713f6f01184a98f49cdab2720d4d361a68955bd694bc431afd3e934335826e9e1c1cea8e1f92c544828c40563a6fa81d866e5bf3608b43a202076b7f0d279d6de01d52b52c171f64966281421656cbc5726619d852605dcf30d5a24bdf7ee96bf4d4461e9b68c92753ab17799e4416275edf93636a3d3dace4c0a299007511f9df32612348852ec32614df62904e12ad57fff6357d987367a5f17387e9f47c4aa94464509ea5c3f11608d01b9a34fcd8800aa00e5588fda58a56ef9973568b21e3b3aa462902e28ba57cc507ea4dd10f38d5431fb355cc9ac9336b5a2b92b990a8b7cafd90649d865c798d0bec97f9b3119f2db01c6359ae61a4bf094ba0827f94362fd6910d95c3e1888f4e31bec96c8aab5c2a4d8748aba93574ff22d8be31fe66ad1846daefdd6f25220e4c268f32702bfee7ffd38e617b776a644901654635a00e1327634f1110b6bbdc8595cc7acdd857f0148bdf3df2a0e05d4a4e7f9683a56947d57fd5868795dc29fb8a9b087a8193db9605357f97a03929d0ae40ee9ef9d286bb322361e4b091c30ca45a5e29300bf7819fef0b79079f81453305b4582d5de69701adb25dbb5189293a18048b971e1bf88fd5d6565952d3560ca0dbb6e1c79815a925b6f643b70782c1ff1c0388f3b602a8d3b95bd67563fa1f1e235ae8498dc7eff7a98b13c7ec3288edc6579f7a7218eeeb430e22eb39bfb25e5e410a448dfd50b1962bad4c77d96962e6a98ee7a6cddc21ce32db36e1267025cf5e8410dc9ab39ad19278b0231a84d4f0a6e2987716ebfcf293a8eb0fae51177724bdd0b15eb35b10fd7d69785b208faf87cc9090dc78056bd6dc0f0340d19d3eba3dda6f3aac807c18a413eeaa8168e72cdf7cfd04189ad3c51ad812ac6a29b7256410b36d5c49b80cd7f7739878cbc65df9ed3212ffd526694f2f9feaa9123a7c7be6380ea103856efb49b6d710f8771a7106af47f5d0de88ff06310812a60dd8d2b5b984c1b728816ed2f1176c34ffbb494532d653550a7798dcb87d93bade4f64ab3c3b306bface3a3805b10dcc7523501ec7253b569d9afe9ab1e0afd3970bbcef1818dce0014cdf3e866ebc8ade68e2189915faf63bec1b46bfce648a459954d510a8b068c64bf7e2212ff77f5ea4a2a3c331664d6404fdd3dbb5d3157ca871df29dbb372586c20b4d8a7a8052816526ded15b861bdb4bc87b418de9f23e6b7a2229d713be6f4662a40c1093e27e9166727f783582ab18da436c668b2674ed9f7c2d8f3f609f8e72924393b9c99e2244c1086fcbdc52f763c4175fdbf01676c0d14966210e5dd242cb434b723df13d36cfac3eedff5264e59940457a67c1d83b9db2f1c7b5873652902bba31b208e6bad4cbeba404ec9bb97a3a0575bd3f98dcf0064fab539ba085be85cd8f2e40f5a5b2ddb2b3be5016dbc7e39b6c125a38036b5c8d3edb459ec88c3ecf9b35e2e29d7e7a8edb2375b9eb294930f9740c02f7b2e423bb1ec7ea423c880cd818ecd8d0ad8b87c69c49dc15bdd404e1bd946ee306ab22910d877cce90664a39a6c1b23e3f818c7f7817a575a738a060647335bdf6b3dc64e8d6a0134601d7ac549b2cd5d6fffbe406ec22b4751b1e7d99dabf9f301da9254eaa361b0beba9a59594ae7510daed4e589b2e4f7d87650b2c157b3d5aac3e20cba4298ee986104ad47cdf7fce98c9bcee7c1ec276c86d1f5dd1ded43a6a6446af7993a3c04166d3fd25b9980bdf3c9ef40724b78d56ce55b41859f1e1ba808724d26c02e301c6c1eb9cce6c0e2003a211e89e9a846916e126e60f5936acfdeb1aae14b23948e312edc97aa307eaa99b176b45f1e90d692068b30e4e35ca95f1634a52d90ca01c80e528a05615181984628855b5ca05c3babd0f279c94508247637ffd5c70ceb0dc43e2a64b556a509c7aad7117ecab5373aa5280b3cfbd4f8c94360b8dec93014e46e294cf4f46634023ba8b1c002c5a8c05e9d88de062068858c66a54c774931457e404fbd256828f758e8773d6592d01602ca2a102dc1212c52aa66bc9f807c79c913c5a0ea63259fc177c94c0777012893fe701a9a5bc882c24dec2de976c4f8def484143b29fe6e1c843e70036cc8d58dac535c59b1e9d2e8289c6fb110097e3d65d1afa51766cda2c36302a42edb6e8626dafa5744111fff43b59edcfdb54e2542ccf05658aed4d8f83ae028eb35ad4c5f5085609a25f124dcdd62da34f2b395f7de30a216eaaedfef3dd131215c9b07e05a06c64c37d20031e043b8784f20ba2b4da7a471440978a5bc5400c3ad3267bf611a7e2993be209760d56ac3699669cf00f3e4e9873024e2134d71d8c755a59ea47a3730172081dfcb7941cf46368eeca7609782892d224dc1828dc5640b8b6c70ba704e79016e24d27da2082c3c3225ae2328f4b8a2a7a905da46a587c3ad24f230deb1b2b209"}], 0x1170}}, {{&(0x7f00000017c0)=@pptp={0x18, 0x2, {0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000001840)="d8e786efcd7de9127e34fc2b9ec6222075fd610b2d977385cc1f74e602c3cbd6f13b7c728723200f3ab2fc64a9db233b7d23c387f312f8e0eb6b2124aef2926b138572969bc3a66e13353ef6962b0809e5e00e79298a66646f54b3cfbf8f33383416f9d9aa8937d5a01e6eed9d401667eda13c07006d555bead926d5278bbe80b0beb8768322eeebc4c851e231f189c912f0dfc418db0a7280b5f0acfdc9f5c74db25c9c", 0xa4}], 0x1}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001900)="4e39e61ae0aa00f6fccf763fa6dc3b6cd67d7a162807b5ed69bbf9c12cf814ce6e9a8aa335f022c660791624d980a29c33da43d2653d61a9f721bdfc025f87ce0a5b89f5edf919e79712b3ed5aba83adef13429be8643f620082df289ce93a0c870f15cda2f3950cef18c5d6d189bb9a8ffbb5c9ed4a852a232c59e91eeb89bff5627c8cde9b9126df9826e498d987ba7366d16f22ac98bd1f5075d545cd195498e9a6d087ef27c09c9509df2aac8439abbf6bb9b55c4239bf63fc728e00df05c4d93ecd990ae3bb103f772bfb38a2c29cc90bc63c42e8f881181f6d98", 0xdd}, {&(0x7f0000001a00)="248a75b1004ca015102557fae726a4f03d18df3de91a97507aea09ffe650e390259eb05feda57e557386f2deab1323a3ffabd4eefb3ab1c64333a177708620f4e5259d354276ae5a5fadc57166e94c14911bccf263970aa1f0f43736bb39560d609c70aca1653146937e51e2de16adf8a7d1b12e9492745017ae3334cd2634c47c3549d08790c4d7e58aaf02755e6cc7d2eb1aa13a12ad055b681933fba3065ea3bb38e7ee9b6dae1fdccf009223c5cf647c2629b1", 0xb5}, {&(0x7f0000001ac0)="d8914a30a74303f23cb0b1add07e8cb217bb86bac2db0af724e74b4ba86e76178e197e1c5d5fa8afd772e18b2eb2be4e6756d7813fae75c50787a414bed586564234608766ae34076b78ec47445f066feb931000580432ad64161ce0c486be37b0d4cbc50e1d659a866821e823ca28", 0x6f}], 0x3, &(0x7f0000001b80)=[{0x100, 0x117, 0x5, "93039f58fffcbdc77fc98210413fc13cdb9c76b8c7b189fd614aadf51b70e41de6012e25de819cb1352f3a2f4683a496045376cfb9cbfeaab6712a020a2a9238fa54c2cd8a923a273451f3fb328eec91d9948971208deed91109920b42f74c72d73d7e2d93de4cdbfa8a2cdb615c8f50915dd90e7f718cf2b49e403938e68d9d25504565cfdcd8d1601af2d02bee721322cab863818b7fa5eb2af0f3057e4b9a1110e18c34f6e423a4fde892073ab5ed3e3e7b652f53f04fa519fa37ab8c3bced6b3dde17ac040f56dc86d6a28841483b050fb66ef6919f860ee68a86d3de70ef3dc1d25bf616856cd"}], 0x100}}, {{&(0x7f0000001c80)=@vsock, 0x80, &(0x7f0000002040)=[{&(0x7f0000001d00)="b3f6719256115af221d6456604e8757677df6e4e40c78c8d826bf377beaf977728b900228c1ed94d05fe7ec394f7d1e71e220deb00d17f9022e46986163f4a357c83d7da1f774825c18eb09ca3f0bac3cbe5fa99014fa0bb897fdd79a935537c71e53b57f5f3a7067ce7cb8b5bcca4c2055e6031fd7731df2d8fe98698dddb584fb2c5479fbdf62e4ef2e79cfeca02b6a7472c0aaba0d6a8932f035696d8e420beb6e80d1399a2dd1d06a6971bd011b5c04ccc20ef6d294f4ed2", 0xba}, {&(0x7f0000001dc0)="c617e3f85a8211c4ba7e22dbf000ec43d6cd4987ebf3ab779ef3e4732a6a4461fcbd4ac1d3183398d1e64eadc5557cbfd4f83a99c03b64e0a4581feab78d7f8e34e1461c2b32d8697db2e25690124504d5744bd611561a422d833b7e4f8904b46b3f4cf7b78de314484f31a241407ace01e4f7fe8e673529f796c6944a5d8533808be2e87726409864e89c70e66a28bdc71315fb8aa03c74a6df690ee558d9ad1df50b313a20fd4c510472a41d827cd1a8321144f0afbd683632694358844244227e2ebf67a90d2619e815fd139018ac765f770a85e1ff77e6409bc552455d6cb89500615eb956", 0xe7}, {&(0x7f0000001ec0)="69e08e83c523206a1e48f308dc0945288e6ef79b2f083b5e008ed2555f2b316475c12610a9037aa563bff3e4aeec26170d726d4edafac2485a3b3c8933e5b0848182997bafa931d9961b22ed0b03c3c05861d0900ee0416077df84ea2c57e622a3b9fcc76f0cc22bc56ac1291a6b71b768d094ce8eab3329649b7b2b5052eeb9bf0a540366e52f2c7f41657ffb4e3ccc63b552913ce0be6afdf05f7dcfdd97357ed488267baaf3e2f438b6e97f0a2f6fd04040d3b1838a81c70c6d1cf64dce990140544b5cc122936dea", 0xca}, {&(0x7f0000001fc0)="c5d9df87dd9895412c69205aca44133cdc42833867c11c193915099c50cc52a9dfa6a90af9679aa757f6acdcfae15f0176bf0c022976eee94e267b60e65bf8bba6ad7153e8be072cfb779ddc04834bfdcfb14ca5763a82f6fcadfd635eee0353d6", 0x61}], 0x4, &(0x7f0000002080)=[{0x80, 0x118, 0xbb6, "e25565ff5a0a4ca4fc79efa2684735d3bc5818b085ef11878d52984d042f01a5a5a1dd5f0767abdef2f620c4aca5d99980357176e4d2af3524a6241fecd2edd4e9939258d1811264797cb0508e27a3ee46d22de974986563a379ed525a9817cd348b7a290acf5110d8f803be"}, {0x18, 0x1, 0x4, "b5b08c39fe206a8e"}, {0x98, 0x0, 0x9, "f8d558d962885f24d10a1751c95800c8006e8b2478849eaa150a81c91d12644311601ee932793c3473081882c5464f99c5f7f114760dea0dc8421af1648f586e6b0ca7679b1ed4a856291ae7824f9c074431ad9b0659450cab1f16706b3bd8d52e89e1cdb441b334011a8ffefb7cc7187adbbcca08fc2a6cbf720ea595c2591ee655dd7af783"}, {0x18, 0x10c, 0x6, "39fdda4e5b"}, {0x28, 0x84, 0x8, "32f2ac9a8b55e03946cd3410d4fa376fe73c"}, {0x108, 0x10a, 0x2, "97878ed629da876518049bbf14ebf60600a6ab7cd4add3b8ecd9c10d5373c754c6652342973c39950f40659bdb8d8ded4aba18af937050d888a9571b4497da6f1cfdd11478db51a4bf4985fac4b425e35a2fe1320baf5c70d404b2da4dde90156b54303e2ff47fb0f0a474d2db7779bfd45b59f222ad0f517d660256d369f1dda0a940f1437cb930a8fdf6171a7c98835bc51513e2f032181484926ba34158696f32de10bf9bb21c4d24681f1eeb32fcae06ad6841f5885325e0f01df5b73a82511a14b6dc22172b891cb1dcd116c96c753f3c1a50cac350bfdaf9fa7276afa790a72f069d809ae336471764015df10ef8ae60468acf"}], 0x278}}], 0x4, 0x8000)
syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xc, 0x2, 0x0, 0x0, 0x0, {[@eol, @md5sig={0x13, 0x12, "ce79387d5c4e9d553755c88ff52509bd"}, @generic={0x22, 0x9, "06dffeb96a6289"}]}}}}}}}, 0x0)

01:36:02 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  491.804507][T14360] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  491.841357][T14362] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:02 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:02 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:03 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:03 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:03 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:04 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000)={<r1=>0x41424344}, 0x1, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x80, 0x15b, 0x9, 0x5, 0x6, 0x0, 0x9}, 0x1c)
syz_emit_ethernet(0x95, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd600a3ff2005f0600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000faa85f6bb308e1131160e7815abae70185b211f7e9b72112b9d7dd50bc587d0f604ced41357ec81e59030000000000000067d46e1e8c7b04a1e5d5a4b633ffeadfe173d4b68aa8d09d3221"], 0x0)
syz_emit_ethernet(0x1e, &(0x7f0000000140)={@local, @multicast, @void, {@can={0xc, {{0x1, 0x1, 0x0, 0x1}, 0x8, 0x2, 0x0, 0x0, "073463fca0fe5787"}}}}, 0x0)

01:36:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_extract_tcp_res$synack(&(0x7f0000000000)={<r1=>0x41424344}, 0x1, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x80, 0x15b, 0x9, 0x5, 0x6, 0x0, 0x9}, 0x1c) (async)
syz_emit_ethernet(0x95, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd600a3ff2005f0600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000faa85f6bb308e1131160e7815abae70185b211f7e9b72112b9d7dd50bc587d0f604ced41357ec81e59030000000000000067d46e1e8c7b04a1e5d5a4b633ffeadfe173d4b68aa8d09d3221"], 0x0)
syz_emit_ethernet(0x1e, &(0x7f0000000140)={@local, @multicast, @void, {@can={0xc, {{0x1, 0x1, 0x0, 0x1}, 0x8, 0x2, 0x0, 0x0, "073463fca0fe5787"}}}}, 0x0)

01:36:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_extract_tcp_res$synack(&(0x7f0000000000)={<r1=>0x41424344}, 0x1, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x80, 0x15b, 0x9, 0x5, 0x6, 0x0, 0x9}, 0x1c) (async)
syz_emit_ethernet(0x95, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd600a3ff2005f0600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000faa85f6bb308e1131160e7815abae70185b211f7e9b72112b9d7dd50bc587d0f604ced41357ec81e59030000000000000067d46e1e8c7b04a1e5d5a4b633ffeadfe173d4b68aa8d09d3221"], 0x0) (async)
syz_emit_ethernet(0x1e, &(0x7f0000000140)={@local, @multicast, @void, {@can={0xc, {{0x1, 0x1, 0x0, 0x1}, 0x8, 0x2, 0x0, 0x0, "073463fca0fe5787"}}}}, 0x0)

01:36:04 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:04 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:04 executing program 3:
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000100))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="c0e15b3417e0f49ca718c69539e8cc977cbfaedf92982fea32469fb95c81a65ca6751f889a1fa037653120ad379fb1064ee8fdbcb88e992e43cfc5d73c3ec41b34c011eb99d73bae22b2d466946ff9e3", 0x50, 0x400c845, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0xd, [{@multicast1, 0x3c000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x8}]}, @end]}}, {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:04 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  493.931893][T14405] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:04 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:05 executing program 3:
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000100)) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000080)="c0e15b3417e0f49ca718c69539e8cc977cbfaedf92982fea32469fb95c81a65ca6751f889a1fa037653120ad379fb1064ee8fdbcb88e992e43cfc5d73c3ec41b34c011eb99d73bae22b2d466946ff9e3", 0x50, 0x400c845, 0x0, 0x0) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0xd, [{@multicast1, 0x3c000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x8}]}, @end]}}, {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:05 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  494.296890][T14416] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:05 executing program 3:
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000100))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="c0e15b3417e0f49ca718c69539e8cc977cbfaedf92982fea32469fb95c81a65ca6751f889a1fa037653120ad379fb1064ee8fdbcb88e992e43cfc5d73c3ec41b34c011eb99d73bae22b2d466946ff9e3", 0x50, 0x400c845, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0xd, [{@multicast1, 0x3c000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x8}]}, @end]}}, {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000100)) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000080)="c0e15b3417e0f49ca718c69539e8cc977cbfaedf92982fea32469fb95c81a65ca6751f889a1fa037653120ad379fb1064ee8fdbcb88e992e43cfc5d73c3ec41b34c011eb99d73bae22b2d466946ff9e3", 0x50, 0x400c845, 0x0, 0x0) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0xd, [{@multicast1, 0x3c000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x8}]}, @end]}}, {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  494.496432][T14421] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040), 0x4)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$isdn(0x22, 0x3, 0x3)

01:36:05 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  494.741082][T14429] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040), 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
socket$isdn(0x22, 0x3, 0x3)

[  494.909274][T14436] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:05 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:06 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040), 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
socket$isdn(0x22, 0x3, 0x3)

01:36:06 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  495.275648][T14443] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='x\x00\x00'], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
accept4(r2, &(0x7f0000000980), &(0x7f0000000a00)=0x80, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
sendmsg(r1, &(0x7f0000000300)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000080)="9286a2cf35ae8699de06e65ae5ac7d5bdb26df8686155e00163a5fec932e57bf390a394a3af836b5e6d57581ec4d7d3f576292b4830662a9740d3ccadbe445aa01f50652aec6d97478342428fc5d010ebf8d0be56c0d21e0d54ff8e15a1418718505aa61565b68ed9265928b11891ee458fcdc6108aa596f2fe6c26aa1564332414376ce8c0c52e9389893511c85f6387d0f2db5749c6249e22139b877eed7792c0820d9f3a3402e82732386ce9ce6b376c48e76bbedf1379b7d6f79a77dfd8d8a5f73a58a0f3ddbdda37b07bd4b63c0100ccbca2760b95c6ae5432b630d23ade787dd73173a12b09e334982", 0xec}, {&(0x7f0000000180)="d351681b26c7e8bd6db6b5aa3b4be51269c43061cabf40bc571efe2f24f672c0ae3a6044fc8fa95fc3a67b31fd89a98266b63d8ac66931f2186a9a17c2f2a078986fae72782607807461af991ab716fb0bca746f2be553ceaf6366c2910e4ca42bee592ff2522bff46f4cd1f01897b0f04c3b3c5c87651e7b6ff707bb18720dd047bc8636b88fde15b6a5b30bf1bff44dd7d3c2047438a5fac2b9cd50e3fadaf9f88dd", 0xa3}, {&(0x7f0000000240)="fd6871fc10281f233c288687f5fba544a9702f4448d5c9b211d9a2804791336908239ae2dfbe2fc4d3895e415e1002614ef2b0f06cf526db6da215386a27a6600f468e28847d9eacf1a6bc303d09b83d605b3ba54650ecf46f400ead4baee9058c25ff7478fa", 0x66}], 0x3, &(0x7f0000000400)=[{0x48, 0x101, 0xffff, "041785f60561f803abb56cae21ee3ddc519fb129494d285ff50a4921537084caf968b2255a148d5e5601c3bb2ed153ef5dede3"}, {0x100, 0x12, 0x0, "8bfce343242b8b593836b1902964a0d9c5dd4dda2805ad06d7ea2aa3394bddd551fdf05e5c0edfdfe0170eb5139d64bfb2c731dfdc1c0c993e9c3f0ff0a44ea634d4ba6767b0f28557b0948e30c7ce4071e0a52038257c244ae71393db67b2658a467f3c2930decb835fa82ba8e88ed1f5b600746acfb9e2b8e15a1dbf19acbabd2297b3d6967c1fa0e459af39b4b2b2f97e27bbd69a23a32a24cb5df27e55a0aa3d5ddeffc7dbcbe96c16cd24a18c46bba87297fec810124f9dd666c53e3a41f543164eacac9583848fc06ca836c4aa8afe91b9e40eeb14ea5959f3291d6a037dbe55c8f65c75d5d341"}, {0x40, 0x101, 0x1ff, "f58741748269f7a79e1147e4c1c3d3f52a924aca32d61ee0516042aafb13681a9d4b087397f68cb80d00"}, {0xa0, 0x88, 0x0, "28b569a37cd0edbb9807214faf58784fc5802d3aa4e5331377cbfa943307a50910af3bd5f71d56973b7df975fd96b0450ac48183f2cd8665aec521c1a08c290d9bd85b52b99a1c89b6faedb151bbcffe270b9731e56f2d6011303386cefdbf351e7a6503a30c67e8be6cc116432bbf28c272b69fb11b23f58e50daf9d64c29b11ac6023728c5cfee8633a8b1d9b5"}, {0xb0, 0x0, 0x8, "8731c7c39c997090fbe768268c2cf2e5af0b75871a3799bcfae81208460a39b2820f5791ff92d01a9763ac677dc63e2204a6b5eaccb6e3808d4a53d7fb61d5df45ff109dc61c9919c306b5476645aa2617c6da59ec2ff443cede8c8b8f724e7f874cb31944e79831d38d01d6d96070223552e68ad60843fbec7fb62d5eaba240abf5f505bcd272c520a5368113d3f14cac210f7a7539091b5c32c0dfc0"}, {0xe8, 0x113, 0xffff, "3328215db7abd33fd6cacfc8777653b0d52438270b970ce81309cd9031d3ddb33ba9fbf097375e40ee4d3f200d99ff450f1fb4aad8e02150261db49b9bdc53b7f33984df23fbc915c675571e21333d44f52eb59db20b4e2ab063867c5c1416965c908f5f9f65e111f20180a5557bcaaebb0015e14a4f899985a2f2a7ba1cf26c349dc5bb3f89606d59aa7a342ab69c788ae1010727049b01036e90b5b622fa4eb1ebe01db709477644c820af16b96f808844ef895b89c175c37370dc71bfb4af761450351970e0396b5a9e2e2e41f225fdaa6bd9571e"}, {0x78, 0x11, 0x6, "beedf203ca78a7dd1d20eb8cfe46f52e174dd4925ab7b3108017390dbf033cf27b12113f032d154d447a46d0d7a9645962ec3522fa220451178779ff35059f081a78a00814c730140962b8250881985ee1754de024abae293a828046c617aaae80e517d100"}, {0xf8, 0x6, 0x7, "1739772c526688aa8f378815e3472ecf16a047e84fb93bc2491861b4424c5b3c212d8e75fe8c0077124579d07d658a994513bea42148330ef65b9be51e66e3de6422d44fe0df3417b0485280c65edcd1637bc109c6d7168acfaab547462320d6a24f409590ff5490783d0765ba20a7b456e9afd11c7b4138cceb4b8ea7752eba9dc27f5b5b6eccf3f090fd5a30ff49d855d1642831177a236d9f157b12442ad72ab995e954d8a9bda7edbae607251809fbe35fb31a3d81cf79ead903690102d11a7e06a2838e82b461005dbf2e69097cf15a38c696921d585638a25d824230f21ebf47d74cab55"}, {0x50, 0xff, 0x8, "95638821d27157cf39b4f7b950e174dc6e5fa69beb3a4c7b48cd6a5019aeb71a405ad4e3fd39c8805a06508d5a9bdfa43ad86ff3e7c523d552e6f2e5152a"}], 0x580}, 0x1)

01:36:06 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='x\x00\x00'], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
accept4(r2, &(0x7f0000000980), &(0x7f0000000a00)=0x80, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
sendmsg(r1, &(0x7f0000000300)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000080)="9286a2cf35ae8699de06e65ae5ac7d5bdb26df8686155e00163a5fec932e57bf390a394a3af836b5e6d57581ec4d7d3f576292b4830662a9740d3ccadbe445aa01f50652aec6d97478342428fc5d010ebf8d0be56c0d21e0d54ff8e15a1418718505aa61565b68ed9265928b11891ee458fcdc6108aa596f2fe6c26aa1564332414376ce8c0c52e9389893511c85f6387d0f2db5749c6249e22139b877eed7792c0820d9f3a3402e82732386ce9ce6b376c48e76bbedf1379b7d6f79a77dfd8d8a5f73a58a0f3ddbdda37b07bd4b63c0100ccbca2760b95c6ae5432b630d23ade787dd73173a12b09e334982", 0xec}, {&(0x7f0000000180)="d351681b26c7e8bd6db6b5aa3b4be51269c43061cabf40bc571efe2f24f672c0ae3a6044fc8fa95fc3a67b31fd89a98266b63d8ac66931f2186a9a17c2f2a078986fae72782607807461af991ab716fb0bca746f2be553ceaf6366c2910e4ca42bee592ff2522bff46f4cd1f01897b0f04c3b3c5c87651e7b6ff707bb18720dd047bc8636b88fde15b6a5b30bf1bff44dd7d3c2047438a5fac2b9cd50e3fadaf9f88dd", 0xa3}, {&(0x7f0000000240)="fd6871fc10281f233c288687f5fba544a9702f4448d5c9b211d9a2804791336908239ae2dfbe2fc4d3895e415e1002614ef2b0f06cf526db6da215386a27a6600f468e28847d9eacf1a6bc303d09b83d605b3ba54650ecf46f400ead4baee9058c25ff7478fa", 0x66}], 0x3, &(0x7f0000000400)=[{0x48, 0x101, 0xffff, "041785f60561f803abb56cae21ee3ddc519fb129494d285ff50a4921537084caf968b2255a148d5e5601c3bb2ed153ef5dede3"}, {0x100, 0x12, 0x0, "8bfce343242b8b593836b1902964a0d9c5dd4dda2805ad06d7ea2aa3394bddd551fdf05e5c0edfdfe0170eb5139d64bfb2c731dfdc1c0c993e9c3f0ff0a44ea634d4ba6767b0f28557b0948e30c7ce4071e0a52038257c244ae71393db67b2658a467f3c2930decb835fa82ba8e88ed1f5b600746acfb9e2b8e15a1dbf19acbabd2297b3d6967c1fa0e459af39b4b2b2f97e27bbd69a23a32a24cb5df27e55a0aa3d5ddeffc7dbcbe96c16cd24a18c46bba87297fec810124f9dd666c53e3a41f543164eacac9583848fc06ca836c4aa8afe91b9e40eeb14ea5959f3291d6a037dbe55c8f65c75d5d341"}, {0x40, 0x101, 0x1ff, "f58741748269f7a79e1147e4c1c3d3f52a924aca32d61ee0516042aafb13681a9d4b087397f68cb80d00"}, {0xa0, 0x88, 0x0, "28b569a37cd0edbb9807214faf58784fc5802d3aa4e5331377cbfa943307a50910af3bd5f71d56973b7df975fd96b0450ac48183f2cd8665aec521c1a08c290d9bd85b52b99a1c89b6faedb151bbcffe270b9731e56f2d6011303386cefdbf351e7a6503a30c67e8be6cc116432bbf28c272b69fb11b23f58e50daf9d64c29b11ac6023728c5cfee8633a8b1d9b5"}, {0xb0, 0x0, 0x8, "8731c7c39c997090fbe768268c2cf2e5af0b75871a3799bcfae81208460a39b2820f5791ff92d01a9763ac677dc63e2204a6b5eaccb6e3808d4a53d7fb61d5df45ff109dc61c9919c306b5476645aa2617c6da59ec2ff443cede8c8b8f724e7f874cb31944e79831d38d01d6d96070223552e68ad60843fbec7fb62d5eaba240abf5f505bcd272c520a5368113d3f14cac210f7a7539091b5c32c0dfc0"}, {0xe8, 0x113, 0xffff, "3328215db7abd33fd6cacfc8777653b0d52438270b970ce81309cd9031d3ddb33ba9fbf097375e40ee4d3f200d99ff450f1fb4aad8e02150261db49b9bdc53b7f33984df23fbc915c675571e21333d44f52eb59db20b4e2ab063867c5c1416965c908f5f9f65e111f20180a5557bcaaebb0015e14a4f899985a2f2a7ba1cf26c349dc5bb3f89606d59aa7a342ab69c788ae1010727049b01036e90b5b622fa4eb1ebe01db709477644c820af16b96f808844ef895b89c175c37370dc71bfb4af761450351970e0396b5a9e2e2e41f225fdaa6bd9571e"}, {0x78, 0x11, 0x6, "beedf203ca78a7dd1d20eb8cfe46f52e174dd4925ab7b3108017390dbf033cf27b12113f032d154d447a46d0d7a9645962ec3522fa220451178779ff35059f081a78a00814c730140962b8250881985ee1754de024abae293a828046c617aaae80e517d100"}, {0xf8, 0x6, 0x7, "1739772c526688aa8f378815e3472ecf16a047e84fb93bc2491861b4424c5b3c212d8e75fe8c0077124579d07d658a994513bea42148330ef65b9be51e66e3de6422d44fe0df3417b0485280c65edcd1637bc109c6d7168acfaab547462320d6a24f409590ff5490783d0765ba20a7b456e9afd11c7b4138cceb4b8ea7752eba9dc27f5b5b6eccf3f090fd5a30ff49d855d1642831177a236d9f157b12442ad72ab995e954d8a9bda7edbae607251809fbe35fb31a3d81cf79ead903690102d11a7e06a2838e82b461005dbf2e69097cf15a38c696921d585638a25d824230f21ebf47d74cab55"}, {0x50, 0xff, 0x8, "95638821d27157cf39b4f7b950e174dc6e5fa69beb3a4c7b48cd6a5019aeb71a405ad4e3fd39c8805a06508d5a9bdfa43ad86ff3e7c523d552e6f2e5152a"}], 0x580}, 0x1)

01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='x\x00\x00'], 0x0) (rerun: 64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
accept4(r2, &(0x7f0000000980), &(0x7f0000000a00)=0x80, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
sendmsg(r1, &(0x7f0000000300)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000080)="9286a2cf35ae8699de06e65ae5ac7d5bdb26df8686155e00163a5fec932e57bf390a394a3af836b5e6d57581ec4d7d3f576292b4830662a9740d3ccadbe445aa01f50652aec6d97478342428fc5d010ebf8d0be56c0d21e0d54ff8e15a1418718505aa61565b68ed9265928b11891ee458fcdc6108aa596f2fe6c26aa1564332414376ce8c0c52e9389893511c85f6387d0f2db5749c6249e22139b877eed7792c0820d9f3a3402e82732386ce9ce6b376c48e76bbedf1379b7d6f79a77dfd8d8a5f73a58a0f3ddbdda37b07bd4b63c0100ccbca2760b95c6ae5432b630d23ade787dd73173a12b09e334982", 0xec}, {&(0x7f0000000180)="d351681b26c7e8bd6db6b5aa3b4be51269c43061cabf40bc571efe2f24f672c0ae3a6044fc8fa95fc3a67b31fd89a98266b63d8ac66931f2186a9a17c2f2a078986fae72782607807461af991ab716fb0bca746f2be553ceaf6366c2910e4ca42bee592ff2522bff46f4cd1f01897b0f04c3b3c5c87651e7b6ff707bb18720dd047bc8636b88fde15b6a5b30bf1bff44dd7d3c2047438a5fac2b9cd50e3fadaf9f88dd", 0xa3}, {&(0x7f0000000240)="fd6871fc10281f233c288687f5fba544a9702f4448d5c9b211d9a2804791336908239ae2dfbe2fc4d3895e415e1002614ef2b0f06cf526db6da215386a27a6600f468e28847d9eacf1a6bc303d09b83d605b3ba54650ecf46f400ead4baee9058c25ff7478fa", 0x66}], 0x3, &(0x7f0000000400)=[{0x48, 0x101, 0xffff, "041785f60561f803abb56cae21ee3ddc519fb129494d285ff50a4921537084caf968b2255a148d5e5601c3bb2ed153ef5dede3"}, {0x100, 0x12, 0x0, "8bfce343242b8b593836b1902964a0d9c5dd4dda2805ad06d7ea2aa3394bddd551fdf05e5c0edfdfe0170eb5139d64bfb2c731dfdc1c0c993e9c3f0ff0a44ea634d4ba6767b0f28557b0948e30c7ce4071e0a52038257c244ae71393db67b2658a467f3c2930decb835fa82ba8e88ed1f5b600746acfb9e2b8e15a1dbf19acbabd2297b3d6967c1fa0e459af39b4b2b2f97e27bbd69a23a32a24cb5df27e55a0aa3d5ddeffc7dbcbe96c16cd24a18c46bba87297fec810124f9dd666c53e3a41f543164eacac9583848fc06ca836c4aa8afe91b9e40eeb14ea5959f3291d6a037dbe55c8f65c75d5d341"}, {0x40, 0x101, 0x1ff, "f58741748269f7a79e1147e4c1c3d3f52a924aca32d61ee0516042aafb13681a9d4b087397f68cb80d00"}, {0xa0, 0x88, 0x0, "28b569a37cd0edbb9807214faf58784fc5802d3aa4e5331377cbfa943307a50910af3bd5f71d56973b7df975fd96b0450ac48183f2cd8665aec521c1a08c290d9bd85b52b99a1c89b6faedb151bbcffe270b9731e56f2d6011303386cefdbf351e7a6503a30c67e8be6cc116432bbf28c272b69fb11b23f58e50daf9d64c29b11ac6023728c5cfee8633a8b1d9b5"}, {0xb0, 0x0, 0x8, "8731c7c39c997090fbe768268c2cf2e5af0b75871a3799bcfae81208460a39b2820f5791ff92d01a9763ac677dc63e2204a6b5eaccb6e3808d4a53d7fb61d5df45ff109dc61c9919c306b5476645aa2617c6da59ec2ff443cede8c8b8f724e7f874cb31944e79831d38d01d6d96070223552e68ad60843fbec7fb62d5eaba240abf5f505bcd272c520a5368113d3f14cac210f7a7539091b5c32c0dfc0"}, {0xe8, 0x113, 0xffff, "3328215db7abd33fd6cacfc8777653b0d52438270b970ce81309cd9031d3ddb33ba9fbf097375e40ee4d3f200d99ff450f1fb4aad8e02150261db49b9bdc53b7f33984df23fbc915c675571e21333d44f52eb59db20b4e2ab063867c5c1416965c908f5f9f65e111f20180a5557bcaaebb0015e14a4f899985a2f2a7ba1cf26c349dc5bb3f89606d59aa7a342ab69c788ae1010727049b01036e90b5b622fa4eb1ebe01db709477644c820af16b96f808844ef895b89c175c37370dc71bfb4af761450351970e0396b5a9e2e2e41f225fdaa6bd9571e"}, {0x78, 0x11, 0x6, "beedf203ca78a7dd1d20eb8cfe46f52e174dd4925ab7b3108017390dbf033cf27b12113f032d154d447a46d0d7a9645962ec3522fa220451178779ff35059f081a78a00814c730140962b8250881985ee1754de024abae293a828046c617aaae80e517d100"}, {0xf8, 0x6, 0x7, "1739772c526688aa8f378815e3472ecf16a047e84fb93bc2491861b4424c5b3c212d8e75fe8c0077124579d07d658a994513bea42148330ef65b9be51e66e3de6422d44fe0df3417b0485280c65edcd1637bc109c6d7168acfaab547462320d6a24f409590ff5490783d0765ba20a7b456e9afd11c7b4138cceb4b8ea7752eba9dc27f5b5b6eccf3f090fd5a30ff49d855d1642831177a236d9f157b12442ad72ab995e954d8a9bda7edbae607251809fbe35fb31a3d81cf79ead903690102d11a7e06a2838e82b461005dbf2e69097cf15a38c696921d585638a25d824230f21ebf47d74cab55"}, {0x50, 0xff, 0x8, "95638821d27157cf39b4f7b950e174dc6e5fa69beb3a4c7b48cd6a5019aeb71a405ad4e3fd39c8805a06508d5a9bdfa43ad86ff3e7c523d552e6f2e5152a"}], 0x580}, 0x1)

01:36:06 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x0, 0x1ff}}, './file0\x00'})
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x8, 0xffff, 0x19, 0x10001}, 0x14)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x0, 0x1ff}}, './file0\x00'})
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x8, 0xffff, 0x19, 0x10001}, 0x14)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x0, 0x1ff}}, './file0\x00'}) (async)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x8, 0xffff, 0x19, 0x10001}, 0x14) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  495.925229][T14467] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:06 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  496.020151][T14469] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:07 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x0, 0x1ff}}, './file0\x00'})
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x8, 0xffff, 0x19, 0x10001}, 0x14)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x0, 0x1ff}}, './file0\x00'}) (async)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0x8, 0xffff, 0x19, 0x10001}, 0x14) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  496.351369][T14479] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:07 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:07 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:07 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x24, 0x25, 0x400, 0x703d28, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {0xffe0, 0xffe0}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x40045)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:07 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  496.674558][T14488] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:08 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x24, 0x25, 0x400, 0x703d28, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {0xffe0, 0xffe0}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x40045)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x24, 0x25, 0x400, 0x703d28, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {0xffe0, 0xffe0}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x40045) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

01:36:08 executing program 0:
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000100))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="c0e15b3417e0f49ca718c69539e8cc977cbfaedf92982fea32469fb95c81a65ca6751f889a1fa037653120ad379fb1064ee8fdbcb88e992e43cfc5d73c3ec41b34c011eb99d73bae22b2d466946ff9e3", 0x50, 0x400c845, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0xd, [{@multicast1, 0x3c000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x8}]}, @end]}}, {{0x4e24, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:08 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:08 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:08 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'}) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x24, 0x25, 0x400, 0x703d28, 0x25dfdbf9, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {0xffe0, 0xffe0}, {0x7, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x40045) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 64)
listen(r0, 0x0) (rerun: 64)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:08 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:08 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:09 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:10 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = socket$bt_bnep(0x1f, 0x3, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0xabac, 0x80, 0x2, 0x9}, {0xa2d8, 0x80, 0x9, 0x8}, {0x8000, 0x2, 0xf9, 0x10000}, {0x1ff, 0x7f, 0x9}, {0x80, 0x2, 0xef, 0x10001}, {0xfffc, 0x5, 0x35, 0x10001}]}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  500.027224][T14558] net_ratelimit: 3 callbacks suppressed
[  500.027245][T14558] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

[  500.342652][T14560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:11 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  500.496948][T14560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:11 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:11 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:11 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x2000}}}}}}, 0x0)

01:36:11 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

[  500.959861][T14572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:11 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  501.034666][T14575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.117224][T14578] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  501.129063][ T1227] ieee802154 phy0 wpan0: encryption failed: -22
[  501.135342][ T1227] ieee802154 phy1 wpan1: encryption failed: -22
01:36:12 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:12 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x7a}}}}}}, 0x0)

01:36:12 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  501.317121][T14582] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

01:36:12 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 1)

01:36:12 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  501.545483][T14586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.575009][T14590] FAULT_INJECTION: forcing a failure.
[  501.575009][T14590] name failslab, interval 1, probability 0, space 0, times 0
[  501.657352][T14586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.738950][T14590] CPU: 1 PID: 14590 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  501.749495][T14590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  501.759583][T14590] Call Trace:
[  501.762859][T14590]  <TASK>
[  501.765792][T14590]  dump_stack_lvl+0xcd/0x134
[  501.771456][T14590]  should_fail.cold+0x5/0xa
[  501.775961][T14590]  should_failslab+0x5/0x10
[  501.780460][T14590]  kmem_cache_alloc_lru+0x65/0x720
[  501.785571][T14590]  ? sock_alloc_inode+0x23/0x1d0
[  501.790538][T14590]  sock_alloc_inode+0x23/0x1d0
[  501.795312][T14590]  ? sock_free_inode+0x20/0x20
[  501.800129][T14590]  alloc_inode+0x61/0x230
[  501.804532][T14590]  new_inode_pseudo+0x14/0xe0
[  501.809210][T14590]  sock_alloc+0x3c/0x260
[  501.813458][T14590]  __sock_create+0xb9/0x790
[  501.817966][T14590]  __sys_socket+0xef/0x200
[  501.822388][T14590]  ? compat_sock_ioctl+0x660/0x660
[  501.827593][T14590]  __x64_sys_socket+0x6f/0xb0
[  501.832270][T14590]  ? syscall_enter_from_user_mode+0x21/0x70
[  501.838254][T14590]  do_syscall_64+0x35/0xb0
[  501.842673][T14590]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  501.848581][T14590] RIP: 0033:0x7f644448a767
[  501.852993][T14590] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  501.872596][T14590] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  501.881009][T14590] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
01:36:12 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  501.888974][T14590] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  501.896951][T14590] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
[  501.904958][T14590] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
[  501.912967][T14590] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  501.921222][T14590]  </TASK>
01:36:12 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:12 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) (fail_nth: 1)

[  502.256899][T14590] socket: no more sockets
01:36:13 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  502.289921][T14601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.387854][T14601] FAULT_INJECTION: forcing a failure.
[  502.387854][T14601] name failslab, interval 1, probability 0, space 0, times 0
[  502.466542][T14601] CPU: 1 PID: 14601 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  502.477077][T14601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  502.487140][T14601] Call Trace:
[  502.490421][T14601]  <TASK>
[  502.493356][T14601]  dump_stack_lvl+0xcd/0x134
[  502.497944][T14601]  should_fail.cold+0x5/0xa
[  502.502447][T14601]  should_failslab+0x5/0x10
[  502.506948][T14601]  kmem_cache_alloc_lru+0x65/0x720
[  502.512051][T14601]  ? sock_alloc_inode+0x23/0x1d0
[  502.516990][T14601]  sock_alloc_inode+0x23/0x1d0
[  502.521749][T14601]  ? sock_free_inode+0x20/0x20
[  502.526515][T14601]  alloc_inode+0x61/0x230
[  502.530844][T14601]  new_inode_pseudo+0x14/0xe0
[  502.535525][T14601]  sock_alloc+0x3c/0x260
[  502.539764][T14601]  __sock_create+0xb9/0x790
[  502.544286][T14601]  __sys_socket+0xef/0x200
[  502.548706][T14601]  ? compat_sock_ioctl+0x660/0x660
[  502.553832][T14601]  __x64_sys_socket+0x6f/0xb0
[  502.558526][T14601]  ? syscall_enter_from_user_mode+0x21/0x70
[  502.564437][T14601]  do_syscall_64+0x35/0xb0
[  502.568858][T14601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  502.574753][T14601] RIP: 0033:0x7f602988a767
[  502.579271][T14601] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  502.599010][T14601] RSP: 002b:00007f602aa3b0a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  502.607428][T14601] RAX: ffffffffffffffda RBX: 00007f602999bf60 RCX: 00007f602988a767
[  502.615394][T14601] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  502.623366][T14601] RBP: 00007f602aa3c1d0 R08: 0000000000000000 R09: 0000000000000000
[  502.631334][T14601] R10: 00000000200003c0 R11: 0000000000000287 R12: 0000000000000001
[  502.639298][T14601] R13: 0000000000000000 R14: 00000000200003c0 R15: 0000000000022000
[  502.647276][T14601]  </TASK>
01:36:13 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  502.738853][T14601] socket: no more sockets
01:36:13 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 2)

[  502.882755][T14608] FAULT_INJECTION: forcing a failure.
[  502.882755][T14608] name failslab, interval 1, probability 0, space 0, times 0
[  502.910751][T14608] CPU: 1 PID: 14608 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  502.921294][T14608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  502.931348][T14608] Call Trace:
[  502.934621][T14608]  <TASK>
[  502.937538][T14608]  dump_stack_lvl+0xcd/0x134
[  502.942129][T14608]  should_fail.cold+0x5/0xa
[  502.946628][T14608]  ? security_inode_alloc+0x34/0x160
[  502.951910][T14608]  should_failslab+0x5/0x10
[  502.956404][T14608]  kmem_cache_alloc+0x5e/0x3b0
[  502.961164][T14608]  security_inode_alloc+0x34/0x160
[  502.966299][T14608]  inode_init_always+0x5d8/0xd70
[  502.971229][T14608]  ? __init_waitqueue_head+0x6b/0xd0
[  502.976567][T14608]  alloc_inode+0x82/0x230
[  502.980894][T14608]  new_inode_pseudo+0x14/0xe0
[  502.985747][T14608]  sock_alloc+0x3c/0x260
[  502.989994][T14608]  __sock_create+0xb9/0x790
[  502.994509][T14608]  __sys_socket+0xef/0x200
[  502.998927][T14608]  ? compat_sock_ioctl+0x660/0x660
[  503.004061][T14608]  __x64_sys_socket+0x6f/0xb0
[  503.008740][T14608]  ? syscall_enter_from_user_mode+0x21/0x70
[  503.014648][T14608]  do_syscall_64+0x35/0xb0
[  503.019066][T14608]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  503.024959][T14608] RIP: 0033:0x7f644448a767
[  503.029369][T14608] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  503.048973][T14608] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  503.057383][T14608] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
[  503.065358][T14608] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  503.073323][T14608] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
01:36:14 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  503.081463][T14608] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
[  503.089434][T14608] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  503.097424][T14608]  </TASK>
01:36:14 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:14 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) (fail_nth: 2)

[  503.189447][T14608] socket: no more sockets
[  503.231686][T14617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  503.279773][T14617] FAULT_INJECTION: forcing a failure.
[  503.279773][T14617] name failslab, interval 1, probability 0, space 0, times 0
[  503.293516][T14617] CPU: 0 PID: 14617 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  503.304047][T14617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  503.314211][T14617] Call Trace:
[  503.317488][T14617]  <TASK>
[  503.320416][T14617]  dump_stack_lvl+0xcd/0x134
[  503.325012][T14617]  should_fail.cold+0x5/0xa
[  503.329524][T14617]  ? security_inode_alloc+0x34/0x160
[  503.334815][T14617]  should_failslab+0x5/0x10
[  503.339314][T14617]  kmem_cache_alloc+0x5e/0x3b0
[  503.344074][T14617]  security_inode_alloc+0x34/0x160
[  503.349198][T14617]  inode_init_always+0x5d8/0xd70
[  503.354231][T14617]  ? __init_waitqueue_head+0x6b/0xd0
[  503.359516][T14617]  alloc_inode+0x82/0x230
[  503.363959][T14617]  new_inode_pseudo+0x14/0xe0
[  503.368664][T14617]  sock_alloc+0x3c/0x260
[  503.372929][T14617]  __sock_create+0xb9/0x790
[  503.377439][T14617]  __sys_socket+0xef/0x200
[  503.381861][T14617]  ? compat_sock_ioctl+0x660/0x660
[  503.386974][T14617]  __x64_sys_socket+0x6f/0xb0
[  503.391648][T14617]  ? syscall_enter_from_user_mode+0x21/0x70
[  503.397533][T14617]  do_syscall_64+0x35/0xb0
[  503.401943][T14617]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  503.407827][T14617] RIP: 0033:0x7f602988a767
[  503.412239][T14617] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  503.431842][T14617] RSP: 002b:00007f602aa3b0a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  503.440255][T14617] RAX: ffffffffffffffda RBX: 00007f602999bf60 RCX: 00007f602988a767
[  503.448247][T14617] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  503.456219][T14617] RBP: 00007f602aa3c1d0 R08: 0000000000000000 R09: 0000000000000000
[  503.464180][T14617] R10: 00000000200003c0 R11: 0000000000000287 R12: 0000000000000001
[  503.472139][T14617] R13: 0000000000000000 R14: 00000000200003c0 R15: 0000000000022000
[  503.480116][T14617]  </TASK>
[  503.534109][T14617] socket: no more sockets
01:36:14 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:14 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 3)

[  503.742597][T14622] FAULT_INJECTION: forcing a failure.
[  503.742597][T14622] name failslab, interval 1, probability 0, space 0, times 0
[  503.816695][T14622] CPU: 1 PID: 14622 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  503.827240][T14622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  503.837310][T14622] Call Trace:
[  503.840653][T14622]  <TASK>
[  503.843578][T14622]  dump_stack_lvl+0xcd/0x134
[  503.848166][T14622]  should_fail.cold+0x5/0xa
[  503.852668][T14622]  should_failslab+0x5/0x10
[  503.857172][T14622]  __kmalloc+0x7e/0x350
[  503.861338][T14622]  ? sk_prot_alloc+0x110/0x290
[  503.866094][T14622]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[  503.871914][T14622]  sk_prot_alloc+0x110/0x290
[  503.876546][T14622]  sk_alloc+0x36/0x770
[  503.880651][T14622]  __netlink_create+0x63/0x2f0
[  503.885550][T14622]  netlink_create+0x3ad/0x5e0
[  503.890257][T14622]  ? genl_start+0x670/0x670
[  503.894797][T14622]  __sock_create+0x353/0x790
[  503.899457][T14622]  __sys_socket+0xef/0x200
[  503.903910][T14622]  ? compat_sock_ioctl+0x660/0x660
[  503.909061][T14622]  __x64_sys_socket+0x6f/0xb0
[  503.913761][T14622]  ? syscall_enter_from_user_mode+0x21/0x70
[  503.919680][T14622]  do_syscall_64+0x35/0xb0
[  503.924132][T14622]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  503.930055][T14622] RIP: 0033:0x7f644448a767
[  503.934485][T14622] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  503.954109][T14622] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  503.962511][T14622] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
[  503.970469][T14622] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  503.978428][T14622] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
[  503.986387][T14622] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
[  503.994344][T14622] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  504.002314][T14622]  </TASK>
01:36:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) (fail_nth: 3)

01:36:14 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:15 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:15 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  504.217904][T14627] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  504.287285][T14627] FAULT_INJECTION: forcing a failure.
[  504.287285][T14627] name failslab, interval 1, probability 0, space 0, times 0
[  504.326511][T14627] CPU: 1 PID: 14627 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  504.337057][T14627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  504.347106][T14627] Call Trace:
[  504.350378][T14627]  <TASK>
[  504.353302][T14627]  dump_stack_lvl+0xcd/0x134
[  504.357899][T14627]  should_fail.cold+0x5/0xa
[  504.362422][T14627]  should_failslab+0x5/0x10
[  504.366919][T14627]  __kmalloc+0x7e/0x350
[  504.371074][T14627]  ? sk_prot_alloc+0x110/0x290
[  504.375839][T14627]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[  504.381646][T14627]  sk_prot_alloc+0x110/0x290
[  504.386246][T14627]  sk_alloc+0x36/0x770
[  504.390344][T14627]  __netlink_create+0x63/0x2f0
[  504.395107][T14627]  netlink_create+0x3ad/0x5e0
[  504.399778][T14627]  ? genl_start+0x670/0x670
[  504.404275][T14627]  __sock_create+0x353/0x790
[  504.408869][T14627]  __sys_socket+0xef/0x200
[  504.413293][T14627]  ? compat_sock_ioctl+0x660/0x660
[  504.418403][T14627]  __x64_sys_socket+0x6f/0xb0
[  504.423073][T14627]  ? syscall_enter_from_user_mode+0x21/0x70
[  504.428962][T14627]  do_syscall_64+0x35/0xb0
[  504.433390][T14627]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  504.439276][T14627] RIP: 0033:0x7f602988a767
[  504.443684][T14627] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  504.463292][T14627] RSP: 002b:00007f602aa3b0a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  504.471752][T14627] RAX: ffffffffffffffda RBX: 00007f602999bf60 RCX: 00007f602988a767
[  504.479749][T14627] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
01:36:15 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 4)

[  504.487726][T14627] RBP: 00007f602aa3c1d0 R08: 0000000000000000 R09: 0000000000000000
[  504.495773][T14627] R10: 00000000200003c0 R11: 0000000000000287 R12: 0000000000000001
[  504.503733][T14627] R13: 0000000000000000 R14: 00000000200003c0 R15: 0000000000022000
[  504.511701][T14627]  </TASK>
01:36:15 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  504.645772][T14639] FAULT_INJECTION: forcing a failure.
[  504.645772][T14639] name failslab, interval 1, probability 0, space 0, times 0
[  504.809257][T14639] CPU: 0 PID: 14639 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  504.819777][T14639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  504.829836][T14639] Call Trace:
[  504.833111][T14639]  <TASK>
[  504.836041][T14639]  dump_stack_lvl+0xcd/0x134
[  504.840632][T14639]  should_fail.cold+0x5/0xa
[  504.845130][T14639]  should_failslab+0x5/0x10
[  504.849632][T14639]  kmem_cache_alloc_trace+0x60/0x3f0
[  504.854926][T14639]  ? apparmor_sk_alloc_security+0x84/0x150
[  504.860879][T14639]  apparmor_sk_alloc_security+0x84/0x150
[  504.866512][T14639]  security_sk_alloc+0x50/0xb0
[  504.871278][T14639]  sk_prot_alloc+0x12e/0x290
[  504.875866][T14639]  sk_alloc+0x36/0x770
[  504.879930][T14639]  __netlink_create+0x63/0x2f0
[  504.884690][T14639]  netlink_create+0x3ad/0x5e0
[  504.889363][T14639]  ? genl_start+0x670/0x670
[  504.893859][T14639]  __sock_create+0x353/0x790
[  504.898458][T14639]  __sys_socket+0xef/0x200
[  504.902896][T14639]  ? compat_sock_ioctl+0x660/0x660
[  504.908015][T14639]  __x64_sys_socket+0x6f/0xb0
[  504.912702][T14639]  ? syscall_enter_from_user_mode+0x21/0x70
[  504.918624][T14639]  do_syscall_64+0x35/0xb0
[  504.923042][T14639]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  504.928931][T14639] RIP: 0033:0x7f644448a767
[  504.933346][T14639] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  504.952968][T14639] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  504.961376][T14639] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
[  504.969342][T14639] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  504.977301][T14639] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
[  504.985257][T14639] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
[  504.993213][T14639] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  505.001183][T14639]  </TASK>
01:36:15 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:15 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:16 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:16 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:16 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 5)

01:36:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) (fail_nth: 4)

[  505.624117][T14654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  505.656679][T14654] FAULT_INJECTION: forcing a failure.
[  505.656679][T14654] name failslab, interval 1, probability 0, space 0, times 0
[  505.705014][T14656] FAULT_INJECTION: forcing a failure.
[  505.705014][T14656] name failslab, interval 1, probability 0, space 0, times 0
[  505.792449][T14656] CPU: 0 PID: 14656 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  505.802990][T14656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  505.813047][T14656] Call Trace:
[  505.816322][T14656]  <TASK>
[  505.819245][T14656]  dump_stack_lvl+0xcd/0x134
[  505.823844][T14656]  should_fail.cold+0x5/0xa
[  505.828346][T14656]  should_failslab+0x5/0x10
[  505.832856][T14656]  kmem_cache_alloc_lru+0x65/0x720
[  505.837961][T14656]  ? __d_alloc+0x32/0x960
[  505.842292][T14656]  __d_alloc+0x32/0x960
[  505.846440][T14656]  ? alloc_fd+0x2f0/0x670
[  505.850770][T14656]  d_alloc_pseudo+0x19/0x70
[  505.855287][T14656]  alloc_file_pseudo+0xc6/0x250
[  505.860137][T14656]  ? alloc_file+0x590/0x590
[  505.864783][T14656]  ? _raw_spin_unlock+0x24/0x40
[  505.869647][T14656]  ? alloc_fd+0x2f0/0x670
[  505.874002][T14656]  sock_alloc_file+0x4f/0x190
[  505.878695][T14656]  __sys_socket+0x13d/0x200
[  505.883208][T14656]  ? compat_sock_ioctl+0x660/0x660
[  505.888338][T14656]  __x64_sys_socket+0x6f/0xb0
[  505.893021][T14656]  ? syscall_enter_from_user_mode+0x21/0x70
[  505.898913][T14656]  do_syscall_64+0x35/0xb0
[  505.903337][T14656]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  505.909230][T14656] RIP: 0033:0x7f644448a767
[  505.913645][T14656] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  505.933248][T14656] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  505.941665][T14656] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
[  505.949640][T14656] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  505.957606][T14656] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
[  505.965572][T14656] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
[  505.973536][T14656] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  505.981515][T14656]  </TASK>
[  505.989597][T14654] CPU: 0 PID: 14654 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  506.000110][T14654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  506.010156][T14654] Call Trace:
[  506.013530][T14654]  <TASK>
[  506.016448][T14654]  dump_stack_lvl+0xcd/0x134
[  506.021038][T14654]  should_fail.cold+0x5/0xa
[  506.025535][T14654]  should_failslab+0x5/0x10
[  506.030025][T14654]  kmem_cache_alloc_trace+0x60/0x3f0
[  506.035296][T14654]  ? apparmor_sk_alloc_security+0x84/0x150
[  506.041094][T14654]  apparmor_sk_alloc_security+0x84/0x150
[  506.046720][T14654]  security_sk_alloc+0x50/0xb0
[  506.051473][T14654]  sk_prot_alloc+0x12e/0x290
[  506.056055][T14654]  sk_alloc+0x36/0x770
[  506.060114][T14654]  __netlink_create+0x63/0x2f0
[  506.064878][T14654]  netlink_create+0x3ad/0x5e0
[  506.069551][T14654]  ? genl_start+0x670/0x670
[  506.074066][T14654]  __sock_create+0x353/0x790
[  506.078682][T14654]  __sys_socket+0xef/0x200
[  506.083113][T14654]  ? compat_sock_ioctl+0x660/0x660
[  506.088230][T14654]  __x64_sys_socket+0x6f/0xb0
[  506.092905][T14654]  ? syscall_enter_from_user_mode+0x21/0x70
[  506.098795][T14654]  do_syscall_64+0x35/0xb0
[  506.103199][T14654]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  506.109083][T14654] RIP: 0033:0x7f602988a767
[  506.113498][T14654] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  506.133102][T14654] RSP: 002b:00007f602aa3b0a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  506.141509][T14654] RAX: ffffffffffffffda RBX: 00007f602999bf60 RCX: 00007f602988a767
[  506.149471][T14654] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  506.157443][T14654] RBP: 00007f602aa3c1d0 R08: 0000000000000000 R09: 0000000000000000
[  506.165399][T14654] R10: 00000000200003c0 R11: 0000000000000287 R12: 0000000000000001
[  506.173368][T14654] R13: 0000000000000000 R14: 00000000200003c0 R15: 0000000000022000
[  506.181337][T14654]  </TASK>
01:36:17 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:17 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:17 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:17 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:17 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 6)

01:36:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) (fail_nth: 5)

01:36:18 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:18 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  507.331424][T14670] FAULT_INJECTION: forcing a failure.
[  507.331424][T14670] name failslab, interval 1, probability 0, space 0, times 0
[  507.351208][T14670] CPU: 1 PID: 14670 Comm: syz-executor.4 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  507.361756][T14670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  507.371916][T14670] Call Trace:
[  507.375205][T14670]  <TASK>
[  507.378139][T14670]  dump_stack_lvl+0xcd/0x134
[  507.382758][T14670]  should_fail.cold+0x5/0xa
[  507.387291][T14670]  ? __alloc_file+0x21/0x270
[  507.391907][T14670]  should_failslab+0x5/0x10
[  507.396431][T14670]  kmem_cache_alloc+0x5e/0x3b0
[  507.401746][T14670]  __alloc_file+0x21/0x270
[  507.406181][T14670]  alloc_empty_file+0x6d/0x170
[  507.410958][T14670]  alloc_file+0x59/0x590
[  507.415214][T14670]  alloc_file_pseudo+0x165/0x250
[  507.420168][T14670]  ? alloc_file+0x590/0x590
[  507.424710][T14670]  ? alloc_fd+0x2f0/0x670
[  507.429076][T14670]  sock_alloc_file+0x4f/0x190
[  507.433777][T14670]  __sys_socket+0x13d/0x200
[  507.438307][T14670]  ? compat_sock_ioctl+0x660/0x660
[  507.443457][T14670]  __x64_sys_socket+0x6f/0xb0
[  507.448160][T14670]  ? syscall_enter_from_user_mode+0x21/0x70
[  507.454250][T14670]  do_syscall_64+0x35/0xb0
[  507.458693][T14670]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  507.464631][T14670] RIP: 0033:0x7f644448a767
[  507.469145][T14670] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  507.488770][T14670] RSP: 002b:00007f64456c00a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  507.497459][T14670] RAX: ffffffffffffffda RBX: 00007f644459bf60 RCX: 00007f644448a767
[  507.505445][T14670] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  507.513426][T14670] RBP: 00007f64456c11d0 R08: 0000000000000000 R09: 0000000000000000
[  507.521408][T14670] R10: 00000000200002c0 R11: 0000000000000287 R12: 0000000000000001
01:36:18 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  507.531996][T14670] R13: 000000000000002e R14: 00000000200002c0 R15: 0000000000022000
[  507.540007][T14670]  </TASK>
01:36:18 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  507.732013][T14669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:18 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  507.854945][T14669] FAULT_INJECTION: forcing a failure.
[  507.854945][T14669] name failslab, interval 1, probability 0, space 0, times 0
[  507.920765][T14669] CPU: 1 PID: 14669 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  507.931287][T14669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  507.941349][T14669] Call Trace:
[  507.944625][T14669]  <TASK>
[  507.947549][T14669]  dump_stack_lvl+0xcd/0x134
[  507.959261][T14669]  should_fail.cold+0x5/0xa
[  507.963766][T14669]  should_failslab+0x5/0x10
[  507.968258][T14669]  kmem_cache_alloc_lru+0x65/0x720
[  507.973361][T14669]  ? __d_alloc+0x32/0x960
[  507.977771][T14669]  __d_alloc+0x32/0x960
[  507.981914][T14669]  ? alloc_fd+0x2f0/0x670
[  507.986238][T14669]  d_alloc_pseudo+0x19/0x70
[  507.990747][T14669]  alloc_file_pseudo+0xc6/0x250
[  507.995586][T14669]  ? alloc_file+0x590/0x590
[  508.000077][T14669]  ? _raw_spin_unlock+0x24/0x40
[  508.004918][T14669]  ? alloc_fd+0x2f0/0x670
[  508.009244][T14669]  sock_alloc_file+0x4f/0x190
[  508.013914][T14669]  __sys_socket+0x13d/0x200
[  508.018404][T14669]  ? compat_sock_ioctl+0x660/0x660
[  508.023511][T14669]  __x64_sys_socket+0x6f/0xb0
[  508.028174][T14669]  ? syscall_enter_from_user_mode+0x21/0x70
[  508.034054][T14669]  do_syscall_64+0x35/0xb0
[  508.038760][T14669]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  508.044680][T14669] RIP: 0033:0x7f602988a767
[  508.049124][T14669] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
01:36:18 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  508.068728][T14669] RSP: 002b:00007f602aa3b0a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029
[  508.077141][T14669] RAX: ffffffffffffffda RBX: 00007f602999bf60 RCX: 00007f602988a767
[  508.085102][T14669] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  508.093056][T14669] RBP: 00007f602aa3c1d0 R08: 0000000000000000 R09: 0000000000000000
[  508.101010][T14669] R10: 00000000200003c0 R11: 0000000000000287 R12: 0000000000000001
[  508.108963][T14669] R13: 0000000000000000 R14: 00000000200003c0 R15: 0000000000022000
[  508.116925][T14669]  </TASK>
01:36:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:19 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  508.516571][T14695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)

01:36:19 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  508.706916][T14704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:19 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x3}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  508.805987][T14704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  508.916152][T14709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x3}, 0x0, 0x0)

01:36:20 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0xf}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:20 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  509.350633][T14713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  509.379314][T14714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:20 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:20 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:20 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:20 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x18}, 0x0, 0x0)

01:36:20 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x48}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:20 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  509.968030][T14732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  509.983270][T14730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:20 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  510.083216][T14730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:21 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:21 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x50}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:21 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x58}, 0x0, 0x0)

01:36:21 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:21 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  510.460957][T14740] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:21 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  510.555878][T14744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  510.578141][T14744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:21 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:21 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x58}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x6d}, 0x0, 0x0)

[  510.932701][T14756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  511.062071][T14758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  511.159602][T14758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:22 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:22 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x6d}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  511.387310][T14763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:22 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:22 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x3}, 0x0, 0x0)

01:36:22 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0))
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  511.652038][T14770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  511.710685][T14770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:22 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x3}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:22 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0))
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  511.964434][T14777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x4}, 0x0, 0x0)

[  512.146848][T14779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:23 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0))
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  512.201280][T14779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:23 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:23 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x4}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:23 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:23 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, 0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  512.533859][T14786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x5}, 0x0, 0x0)

[  512.657685][T14794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  512.690657][T14794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:23 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, 0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:23 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x5}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  513.000418][T14799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x6}, 0x0, 0x0)

01:36:24 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, 0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  513.132697][T14801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  513.233361][T14801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:24 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x6}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  513.456482][T14805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:24 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:24 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:24 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:24 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x7}, 0x0, 0x0)

[  513.694055][T14814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:24 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x7}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:24 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  513.901354][T14818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:24 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x6d}, 0x0, 0x0)

[  514.202007][T14822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:25 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x6d}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  514.301822][T14822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  514.434323][T14825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:25 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:25 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:25 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x6d}, 0x0, 0x0)

01:36:25 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x6d}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  514.861125][T14835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  514.878277][T14837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  514.898582][T14835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:25 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:26 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)

01:36:26 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:26 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  515.351970][T14845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:26 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:26 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:26 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  515.473462][T14847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:26 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:26 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x2}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  515.841056][T14859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:26 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x2}, 0x0, 0x0)

[  515.999828][T14861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:26 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  516.043560][T14861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:27 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x3}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  516.354041][T14865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x3}, 0x0, 0x0)

01:36:27 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:27 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x0, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:27 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  516.552599][T14871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  516.610576][T14871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:27 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x4}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:27 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x4}, 0x0, 0x0)

[  516.938031][T14880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:27 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  517.025556][T14882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.129789][T14882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:28 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x5}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:28 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:28 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, 0x0}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  517.381014][T14887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:28 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x5}, 0x0, 0x0)

[  517.613077][T14895] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.669769][T14895] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:28 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x6}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:28 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  517.874631][T14899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x6}, 0x0, 0x0)

[  518.093772][T14903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:29 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x7}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  518.278090][T14903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:29 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:29 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:29 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  518.410145][T14906] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:29 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000545c0)={0x493, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r1=>0x0}], 0x38, "01125c480b1aac"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r2=>0x0, <r3=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r4=>0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "a59f7995f969f9"})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote={0xac, 0x10, 0x3}}, @sco={0x1f, @none}, @nl=@unspec, 0xf0f4, 0x0, 0x0, 0x0, 0xfc01, &(0x7f0000000340)='syz_tun\x00'})
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f0000001640)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0})
r10 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x0, 0x5517, 0x48000000})
ioctl$USBDEVFS_IOCTL(r10, 0x8108551b, &(0x7f0000000380))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r11=>0x0, <r12=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000555c0)={0x101, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {r2}, {r4}, {}, {0x0, r12}], 0x88, "65d3180fddbe19"})
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:29 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x7}, 0x0, 0x0)

[  518.659443][T14916] hub 9-0:1.0: USB hub found
[  518.683653][T14916] hub 9-0:1.0: 8 ports detected
01:36:29 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x8}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:29 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  518.794350][T14919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  518.891944][T14924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  518.911849][T14919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:29 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [], 0x0, "a59f7995f969f9"}) (async, rerun: 64)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000545c0)={0x493, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r1=>0x0}], 0x38, "01125c480b1aac"}) (async, rerun: 64)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r2=>0x0, <r3=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "a59f7995f969f9"}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r4=>0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "a59f7995f969f9"})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote={0xac, 0x10, 0x3}}, @sco={0x1f, @none}, @nl=@unspec, 0xf0f4, 0x0, 0x0, 0x0, 0xfc01, &(0x7f0000000340)='syz_tun\x00'}) (async)
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4) (async, rerun: 32)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f0000001640)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0}) (async, rerun: 32)
r10 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x0, 0x5517, 0x48000000}) (async)
ioctl$USBDEVFS_IOCTL(r10, 0x8108551b, &(0x7f0000000380)) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r11=>0x0, <r12=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "a59f7995f969f9"}) (async, rerun: 64)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000555c0)={0x101, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {r2}, {r4}, {}, {0x0, r12}], 0x88, "65d3180fddbe19"}) (rerun: 64)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:29 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000545c0)={0x493, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r1=>0x0}], 0x38, "01125c480b1aac"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r2=>0x0, <r3=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r4=>0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "a59f7995f969f9"})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote={0xac, 0x10, 0x3}}, @sco={0x1f, @none}, @nl=@unspec, 0xf0f4, 0x0, 0x0, 0x0, 0xfc01, &(0x7f0000000340)='syz_tun\x00'})
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f0000001640)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0})
r10 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x0, 0x5517, 0x48000000})
ioctl$USBDEVFS_IOCTL(r10, 0x8108551b, &(0x7f0000000380))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r11=>0x0, <r12=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000555c0)={0x101, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {r2}, {r4}, {}, {0x0, r12}], 0x88, "65d3180fddbe19"})
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [], 0x0, "a59f7995f969f9"}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000545c0)={0x493, [], 0x38, "01125c480b1aac"}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "a59f7995f969f9"}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "a59f7995f969f9"}) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote={0xac, 0x10, 0x3}}, @sco={0x1f, @none}, @nl=@unspec, 0xf0f4, 0x0, 0x0, 0x0, 0xfc01, &(0x7f0000000340)='syz_tun\x00'}) (async)
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f0000001640)) (async)
syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) (async)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x0, 0x5517, 0x48000000}) (async)
ioctl$USBDEVFS_IOCTL(r10, 0x8108551b, &(0x7f0000000380)) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f000005a700)) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "a59f7995f969f9"}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000555c0)={0x101, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {r2}, {r4}, {}, {0x0, r12}], 0x88, "65d3180fddbe19"}) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

01:36:29 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  519.218350][T14934] hub 9-0:1.0: USB hub found
01:36:30 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x9}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:30 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x8}, 0x0, 0x0)

[  519.282435][T14934] hub 9-0:1.0: 8 ports detected
01:36:30 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  519.334287][T14938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:30 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  519.384003][T14941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:30 executing program 3:
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x580100, 0x0)
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "65f2da8f7176a103aa97a1c5594ebf82"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "9ab9af45def1db06daab9297af500627"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "d3207526f7beecc59db3127c0559f38a"}, @NL80211_ATTR_PMK={0x14, 0xfe, "a82418bb9088920b8d2866ba74f322cd"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x404c0}, 0x14)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  519.440326][T14941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:30 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  519.557882][T14949] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:30 executing program 3:
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x580100, 0x0)
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "65f2da8f7176a103aa97a1c5594ebf82"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "9ab9af45def1db06daab9297af500627"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "d3207526f7beecc59db3127c0559f38a"}, @NL80211_ATTR_PMK={0x14, 0xfe, "a82418bb9088920b8d2866ba74f322cd"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x404c0}, 0x14) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:30 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:30 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0xe}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  519.714925][T14955] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:30 executing program 3:
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x580100, 0x0)
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6e}}}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "65f2da8f7176a103aa97a1c5594ebf82"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "9ab9af45def1db06daab9297af500627"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "d3207526f7beecc59db3127c0559f38a"}, @NL80211_ATTR_PMK={0x14, 0xfe, "a82418bb9088920b8d2866ba74f322cd"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x404c0}, 0x14) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r1, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:30 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x9}, 0x0, 0x0)

[  519.776252][T14960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.862073][T14964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000180)=0xe2bf, 0x4)
listen(r0, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES64=r2, @ANYRES32=r0, @ANYBLOB="5c99b8f884600000"], 0x0)
sendto$inet(r0, &(0x7f00000001c0)="f46539375e076aeff8e219545a2e2e999ea39dfe8e6773586d633a2ee5326816bd32291a9c8bf61ea8b98403c238632285e0dc82eb711b7def6f951537dee62197ba827bfa2e4c3cde743c2807bc40b98f2f7ce84cbd0242ca200640a4f0b968aab5c84c41978c90c8215a70492030428abd6e2d5e84787704027d8bd313866226a3cb4c4c5e4b21cf45df33a8e02e8df556ea0ce4fcc37fee2e42d6df926edb567ff46aecb4089e073d31d70a0888af", 0xb0, 0x24000004, &(0x7f0000000280)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet6(0xa, 0x8, 0xe4f)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='htcp\x00', 0x5)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'wg2\x00', 0x100})

01:36:30 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  519.917447][T14964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10) (async)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000180)=0xe2bf, 0x4)
listen(r0, 0x0) (async)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES64=r2, @ANYRES32=r0, @ANYBLOB="5c99b8f884600000"], 0x0) (rerun: 64)
sendto$inet(r0, &(0x7f00000001c0)="f46539375e076aeff8e219545a2e2e999ea39dfe8e6773586d633a2ee5326816bd32291a9c8bf61ea8b98403c238632285e0dc82eb711b7def6f951537dee62197ba827bfa2e4c3cde743c2807bc40b98f2f7ce84cbd0242ca200640a4f0b968aab5c84c41978c90c8215a70492030428abd6e2d5e84787704027d8bd313866226a3cb4c4c5e4b21cf45df33a8e02e8df556ea0ce4fcc37fee2e42d6df926edb567ff46aecb4089e073d31d70a0888af", 0xb0, 0x24000004, &(0x7f0000000280)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet6(0xa, 0x8, 0xe4f)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='htcp\x00', 0x5) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'wg2\x00', 0x100})

01:36:31 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:31 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0xf}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:31 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0xe}, 0x0, 0x0)

01:36:31 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:31 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10) (async)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000180)=0xe2bf, 0x4) (async)
listen(r0, 0x0) (async)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async, rerun: 32)
ioctl$TUNSETOFFLOAD(r2, 0x400454de, 0x7fffffffefff) (async, rerun: 32)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES64=r2, @ANYRES32=r0, @ANYBLOB="5c99b8f884600000"], 0x0) (async)
sendto$inet(r0, &(0x7f00000001c0)="f46539375e076aeff8e219545a2e2e999ea39dfe8e6773586d633a2ee5326816bd32291a9c8bf61ea8b98403c238632285e0dc82eb711b7def6f951537dee62197ba827bfa2e4c3cde743c2807bc40b98f2f7ce84cbd0242ca200640a4f0b968aab5c84c41978c90c8215a70492030428abd6e2d5e84787704027d8bd313866226a3cb4c4c5e4b21cf45df33a8e02e8df556ea0ce4fcc37fee2e42d6df926edb567ff46aecb4089e073d31d70a0888af", 0xb0, 0x24000004, &(0x7f0000000280)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
socket$inet6(0xa, 0x8, 0xe4f)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='htcp\x00', 0x5)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'wg2\x00', 0x100})

01:36:31 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

[  520.492305][T14986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.508979][T14984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:31 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendto$inet(r0, &(0x7f0000000400)="6bd07cefb2920ebdead16d064bd672559e632353dbc5e1f2ad32aec9d0dbb6a46479a6c744d7f00278ef89b02cd870b6a6fc9dc52f9c5d0e9ceb4645229a7800678a9707c055303c4b1eff599b16fd4624b39a03ec62483c2c3d5ce9de4dce5b3804c440dc9e78591a3fc8899bbb002ef1f5964cf9da88a950f9545554ac606ee7adb0d69866e91e2b321bb7542cdb3c2aa19024fe8a1155b60577f07925ae6e094d0a1c870ca76aa84a87cb51a6cea2bfdbdbfcb38d87d6709d77eded2fc2bd7e39a153b9bb3a5ef800c8149713418aede6151796ebae46c67ca149cf844e9f31d76a3627af24d98904a6b83d673deb169178892bac5b40d7664f5247b4e3bd7a33557b5d16f53a6e136c7fb1ff9bd0e49ef22d1ae2e8426891dbf1ff12bda49d855139becfc7217f18bd92f8f4d46cdd0d821dcc7a59a1f6de28c10f334260ae8816f1205dcaf7ac408945d48a0ed16ecac4c5edf3bd47fa7e4819f5260d1cefdd389dc524c66bc20c1adfd450684c4ba899d978ba859af1d5c24483ca073c0c6532be53b61a423880763ca211aea33907b4f07a881f51c9e0fa67f9ecb86c054bfb006d1fba54e07473a54ffd9e26730bca95f09a920a914c15d417b0f1f07205ba0fa594bc14ccc68784d1eaf242acac7c78324b2a15b477f532014b1be0922a17ed219f735e6ca50ba45ca9bc718bb41a720438ebab0c0a8515e840efa563333aab80798596de91b874af0901798e4ece55129ea5ce0aa9d75e1c807afaa0a940c2886ceb5f4554186358a3de6ed0b5f1f9786b9fecd5f73f53e715ba72a9aee806204d87f08e54e9b3de250c2448d5b8ef3e985b320c39da2a151ee579a1eaba7657fcb0a818678494f0687cab8013311363a717739d70d6ebba8bf4ccc6f16fddb168bcfd897b86ee1cf480ae38aa2b625ab1c4b72d7fc598d71a12152dd00f7445abc56a70c83a957ef733dc209f4fe763b65ce7913c5e52f21e59d72a374ca63468f4ad4a59d5b18f18dee2e60951b4ea2d3e0c0e201cdb303258daf05d8314de1b6a5547cf2f495fdc884581224f167732f52a64e49684ca0b17c5bf96d0a27eaca294f594d5d7bbb6e2af803f2fee390750f533557fa6a372c780b32fa188114dfd9dcfd3be6e715e0b67e1b5c0d7ad37b3b2dce69ee8e7a7420f463bec18a89c4529f17caf7dbb2500d003213714b27c8e5e56dda63167c2e386579d51150534d2ca4678b88c2ab0eec9179417d558403e1939f35883a6ae0d1a31d24cefe32ac9968c5b03cee08ff7d2d9480f3b570b09b3dcb23c95225e542e364e9b4bc025a871f7b7c49a23e5ec80e0f196fd6802f2bfe8b8e22fbc8b1322ba583d140c29211ff4ac1b33a25b6aa47fc311c461b903e5820c9d597b9754eb4819c7a56b0570768c845dbeeddfd592e2a44dfe9dfd6c33364237293617498d917d22bc363286d59fd789e68168318bd0892cc13c11b733e00b69ed87aca655b43b4ed483f51c1cbcbada509096b5732d2fa8d3d43c62b215c406bfb98d3e9d92f8a2e27621951f57e78bfb92a319cec460adf15094475233769297beaaca63033eccb88e37126cf00e52553b693b72d526f364b4aa03dd741dd6d40da4ab8e7358569f41449f836d5256b126851dddd022cbc45b83179f8dccaeeae39a01a180c24f2f89dffb9807c5651bbb2e839d04ee3edae41c58b5aad2e2dab8095e8d6a9b68eef918ab0a276c4cd39839379435eb6ca0bc239dbe90ca97d6be97283196efa0c32d1eb78c6108fbb94efb458d95747b22562fbc9ef6521d34d9fff50263f11993a96368ddfc70d8b62069f4692ce065867292191812fe297c04db405bc21d30602a31be018db6bcf805658f8c5e05ef3802c1012a3cd8960b83e870a5d0b04486ef3f91aa82440e659c42d3c0c0e10f1a156c4cfa04ee6c5506aa69d86495022b9df3283de7094e4d4ea0594ba3332c06c0de2d45c26fb4f6c802e9efa176af05b1b148d2b0328b4833190c8c44332f04d6f4f67c6a0c3b3e5869956318bc3b7460a0ac081b3d4a6910e46a05c2b8d602ab183d5176aef7cddd9eb5db3b5604430eb7e69e2d625f0c8ba7d276228270c02e3732e4fe80f0f381a553686782db4fcb85b9291a93987866b66a027aa52af8ce37d2933e9d9e1e18a22a7cdc30bf3c48ffa1b455bbec4019c580d5f4f9ef81969c225095dea09441348baec26af571af93b20dc52d31ccd86f7fbf1ed4e292192d17400e2a0f388f5a51d7a526aa5a3e72388eae9a9683ea597b534a1eaee2845c73c8ecb96d447ce5d0653ee39d454d9c42ecd18dd5eebe38353a6190563f3d5527094850f7d6faf5f60e86f207b0fbdcfae9009dc0458c7d75171e494a844114645d97b6f245d672b69e85e715a6256c144e64f608cde2723759c4c6ad8c08a8f3e07fadd50814db486e438f71643abe852e60c804323619108a022fbab9ee11955abb04376db0363646ce7822b205cebba037553117789e83238b324637d2e22447f6c87e7b126857eac4c9d5b4d7c9cfd959a4b9594d9c402f6b1a0aa459a0b44b873795a5497853eb715ce7e89a41a749bde2b239cd79c8c19a2e0ab1954c5242d75d04f06300a116aebf970fb0d0b9784909e45d33d5e8e64b2149018afa112fe0cbce6f83df5cde4464b15845ec396f39c4708ead714ffd45a46910d866b454eafb0ad9c9ff93f85792f18071fb56b4bf0548fd3c8a815414752b0a71fd0737c296a8442dfd2246c863d03ac4d3bee6a2a61c8f87a932777f94022b137166183dd04b0f774b4a9ceec6f24b7f31e5daeacefb23a96e26eba26f9531426703489e15becc352008b201b2356b6a36e4458d464c6a86bcc37a7afe7cf9a7fc4a26ac72938a800d029cdfc6a7a6d87feb408540328e5f7d6d1aa39bcc81cd151a4688507196f802777b856f5e195c3f3fe1aee644214c1cee756de21d1520cc26a5c9add633df21e12f43767dd6364e766cd56fd56aa6cd021bbcd9b765468263f816e827fd005e51c5170b5e91002bae66eacd0ce83503b550d733e647f4673ccf4eda59b2c2391f11673b1618a48a7379821cc8e24949beb2cc39240aad883c64dfcf3ed8588d62277abfd0697daa8cb5d1591a939da9506d6577455496379caba010ea9975570e715a1dd94fc7555d38a612be0a47ac86ac2c44062fa0a73b2e2ae2a4f6189f7cadddaa20910e3d5104e55f5a4b49aa3827fc4b37767fce947cfc808b22dc3c5b486290a5a265bc4aae1cb53f75fcb766c6628d53af4fcb606aed5a484769a7ecb0a915ff063f53437b0e8c83a8af098d7aaa3f284c2bf19afae5e553f4578362bdee8f9423e4db6d5dfafbc54ed262446c628aad50b85b966c3554ebe7d2fdb8c7e5918e8e2f165cbd9dcf427599418dbce022b0b732b477359e8072556188ee27adbf1c81899bb1fab20014272b8bfbba4072ecab65f6cc4bd7860c2be3ea5f6d726449d5db6701866ec42d72ad4173ae49c3c05a638ed96d81a0c89d72f98795d217cf8b40d0a7d670109f980ac4545415c32eb1b57ba94834b1ec8809dba4dd3e1ec4772af75bfa3472e0e0809af3902208b4928f1575149b8ea388486cf1008acd86fb4a3eb43722180f13cc0fb4dbdc64bbb814ccd5887f68c4b6c14653548d55d9d3e134a54a38e97df1b590938e203f46426e439be290cd58b8c9b8bc8f2cdfaa93830f3628413250d9b11afedcbc6a883c1f2e0119d08d85455cd4ff2433093185d0a39b1bac68e24b6440175c62b1125ca4495ce40e0e663a7810bc122c3e3b0cf77196251ce2a1bf7250fd5c09cbd53c4eaf417ba78834f3480cba3e30be4823fadb63a1bbacf1b2f9e5061b4729c990573f60186e96c12ed0ff068ab9a855c18612f4c43a8d89fda0284a5fc9b85ec4f27d9ff5b0cac261d229d6bb8f2bdcd23c29f52c64fc9435d1c88d711763287200675c3bca724b386de3c26d4ff371313c1cca466db521403199d95777d0211c33e7e955480cb2856adb800ef9b6b4820d71057c9a3e720b6347f3809994847a7a1c62d02ddce09690313d703840d15580c0478141ea18a16301dfb8db63562a62188b33a9cd552d160d62606d610deef86add1ece0f0382fdc29b62b286b98050300e8976f5af4cf350f0c17162b751afe7c46b7191b61644058b6752558a66fd926b7c0a70d7f942d40debec9defb918bb0d3b766dd606568d791dc8dd0e007e904798f5a693c4b0b1adebadd6b8f8a6b4fcfde8b00b5a6f5ebbe6ad6a608776fd489345ade3ea858f4ff71ee53ae760a47751f6c4f1edeccde4172d7cd741c80875ccb370287720313600d5613804d902edcbfff8e4f879e1910c31104dd5c016894ce73652943ab82eac6e475b62ecdabd5a65e7a5bc4abf2f96d1276869fdb7ba3a2d86c67ce60825329e5e0caf71d51796430dbd613184c26078edd2616af5d4e310e572610d55016986615fa168174fad4cb8e0223ccae83fc5281921bbcdf25c8693c6c5c9511728b78b599bb4f67b4773f4e764dc86df1001b7a426954bc95538c94a80ce0095b747fce80e7634bbacae5b4a881440b1c95675d90fe81ad5ddc9fcb232db55b2ad27f962dfa41aacf400d8f2f804c80d0f9cbf325c4203990a0b4eeb836b2b71e824e87657f80c226575e76c553a83eb58c3f4228897a11f1fd92ab73afaa70c14d576a0d11c2baa3078a423215d264c7e299ff190433a1b5c61c026b5f77f6c4bb486d1d3e7b5dbc3d97033f3bc8418f864cc0b4ddf8cd06d24274977e6207bbfc2aef9a493f3e31e37c1bc9744747a3d95c7d00c16cd10e1098e462b44f3f21253ea1f0f7d353b41983126a3fae7ac7839a77e9288526c98bafe3e4bfdbdd9e1f579aa2693c1498d9af99e2a0dbcd1b0bd3b06d3b717c6a824538a77961af61751d20c25e6ddcd0b3f506aae81adb9701b9d264b26026864790488619677a01e2b6363d279c538a4eccd7eaff576b86534e179b30fb2a322e9af24e548f48a7f715411e244076e0a9cc2653089f693c33daf4f73ea64892dd54ce1af2a486ed7f6b2ad3a43a4dd968cb0310ec874c5d5f1e4761e6264c49fd70c69d4d30a12fa54e29898444037030d6d1b9514b36619b5140d47d130482171bc5ab9820c7c36de9fb46bf256dec63216143544ca38a93b99efc2ac09c0968f6039ddc87b744f9ececbaa0f049810daee87bf0cd5002323a0bfdf2606812277ebc6605c29931bbf94096a6c45acd17f5fba880b2d54aa085ee3a8dd4dfb77136075853233ee700fc9eb77a9cfad0ab6e1b4bbfc587a6f052333771abac0ddf0b2b1780482163fd17a3f8f6276afb41c5a26c52c7eb7664644841f9f6c21bf37b39347000d9f6ff18d7c2eaa8afa1616d013016b27058b36167ba72d0e5ca6d3e74233301eaedac026bdc5a8a51137881fd5f5efdc12c54cd0c196551981a7933ee30c637b21ecce54c31b390e58c478c9046d9de119aeba873fdb9bde4b4352f8f187c1869b8a012b6c0654f395be08dd11943d6d653f2b00274c0d1275b8f1ea510edd50de0d1fdb6b0cee5639393ab381970415f99eef8f5e0fe42a60fad000a47f3f7820b4a9f574a79401ca5b92abdf83e57421f8e8cbe2e8f73cb3d1f8c9d6a1a986ed17590202779bc06c3339d0f8bafaac708438dfd60245bab1b798fc0cf9afee6bcd592433b1ac56fc590f1755ac60b1fb50e74f0dc7e1cf0e6ab35ba524820560addff16a17e0e9fabcb8d5dda104d2bd5cabf761344571331e6aa148aa1b613f56", 0x1000, 0x800, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000000)=0xe9, 0x4)

[  520.605529][T14994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:31 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:31 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000400)="6bd07cefb2920ebdead16d064bd672559e632353dbc5e1f2ad32aec9d0dbb6a46479a6c744d7f00278ef89b02cd870b6a6fc9dc52f9c5d0e9ceb4645229a7800678a9707c055303c4b1eff599b16fd4624b39a03ec62483c2c3d5ce9de4dce5b3804c440dc9e78591a3fc8899bbb002ef1f5964cf9da88a950f9545554ac606ee7adb0d69866e91e2b321bb7542cdb3c2aa19024fe8a1155b60577f07925ae6e094d0a1c870ca76aa84a87cb51a6cea2bfdbdbfcb38d87d6709d77eded2fc2bd7e39a153b9bb3a5ef800c8149713418aede6151796ebae46c67ca149cf844e9f31d76a3627af24d98904a6b83d673deb169178892bac5b40d7664f5247b4e3bd7a33557b5d16f53a6e136c7fb1ff9bd0e49ef22d1ae2e8426891dbf1ff12bda49d855139becfc7217f18bd92f8f4d46cdd0d821dcc7a59a1f6de28c10f334260ae8816f1205dcaf7ac408945d48a0ed16ecac4c5edf3bd47fa7e4819f5260d1cefdd389dc524c66bc20c1adfd450684c4ba899d978ba859af1d5c24483ca073c0c6532be53b61a423880763ca211aea33907b4f07a881f51c9e0fa67f9ecb86c054bfb006d1fba54e07473a54ffd9e26730bca95f09a920a914c15d417b0f1f07205ba0fa594bc14ccc68784d1eaf242acac7c78324b2a15b477f532014b1be0922a17ed219f735e6ca50ba45ca9bc718bb41a720438ebab0c0a8515e840efa563333aab80798596de91b874af0901798e4ece55129ea5ce0aa9d75e1c807afaa0a940c2886ceb5f4554186358a3de6ed0b5f1f9786b9fecd5f73f53e715ba72a9aee806204d87f08e54e9b3de250c2448d5b8ef3e985b320c39da2a151ee579a1eaba7657fcb0a818678494f0687cab8013311363a717739d70d6ebba8bf4ccc6f16fddb168bcfd897b86ee1cf480ae38aa2b625ab1c4b72d7fc598d71a12152dd00f7445abc56a70c83a957ef733dc209f4fe763b65ce7913c5e52f21e59d72a374ca63468f4ad4a59d5b18f18dee2e60951b4ea2d3e0c0e201cdb303258daf05d8314de1b6a5547cf2f495fdc884581224f167732f52a64e49684ca0b17c5bf96d0a27eaca294f594d5d7bbb6e2af803f2fee390750f533557fa6a372c780b32fa188114dfd9dcfd3be6e715e0b67e1b5c0d7ad37b3b2dce69ee8e7a7420f463bec18a89c4529f17caf7dbb2500d003213714b27c8e5e56dda63167c2e386579d51150534d2ca4678b88c2ab0eec9179417d558403e1939f35883a6ae0d1a31d24cefe32ac9968c5b03cee08ff7d2d9480f3b570b09b3dcb23c95225e542e364e9b4bc025a871f7b7c49a23e5ec80e0f196fd6802f2bfe8b8e22fbc8b1322ba583d140c29211ff4ac1b33a25b6aa47fc311c461b903e5820c9d597b9754eb4819c7a56b0570768c845dbeeddfd592e2a44dfe9dfd6c33364237293617498d917d22bc363286d59fd789e68168318bd0892cc13c11b733e00b69ed87aca655b43b4ed483f51c1cbcbada509096b5732d2fa8d3d43c62b215c406bfb98d3e9d92f8a2e27621951f57e78bfb92a319cec460adf15094475233769297beaaca63033eccb88e37126cf00e52553b693b72d526f364b4aa03dd741dd6d40da4ab8e7358569f41449f836d5256b126851dddd022cbc45b83179f8dccaeeae39a01a180c24f2f89dffb9807c5651bbb2e839d04ee3edae41c58b5aad2e2dab8095e8d6a9b68eef918ab0a276c4cd39839379435eb6ca0bc239dbe90ca97d6be97283196efa0c32d1eb78c6108fbb94efb458d95747b22562fbc9ef6521d34d9fff50263f11993a96368ddfc70d8b62069f4692ce065867292191812fe297c04db405bc21d30602a31be018db6bcf805658f8c5e05ef3802c1012a3cd8960b83e870a5d0b04486ef3f91aa82440e659c42d3c0c0e10f1a156c4cfa04ee6c5506aa69d86495022b9df3283de7094e4d4ea0594ba3332c06c0de2d45c26fb4f6c802e9efa176af05b1b148d2b0328b4833190c8c44332f04d6f4f67c6a0c3b3e5869956318bc3b7460a0ac081b3d4a6910e46a05c2b8d602ab183d5176aef7cddd9eb5db3b5604430eb7e69e2d625f0c8ba7d276228270c02e3732e4fe80f0f381a553686782db4fcb85b9291a93987866b66a027aa52af8ce37d2933e9d9e1e18a22a7cdc30bf3c48ffa1b455bbec4019c580d5f4f9ef81969c225095dea09441348baec26af571af93b20dc52d31ccd86f7fbf1ed4e292192d17400e2a0f388f5a51d7a526aa5a3e72388eae9a9683ea597b534a1eaee2845c73c8ecb96d447ce5d0653ee39d454d9c42ecd18dd5eebe38353a6190563f3d5527094850f7d6faf5f60e86f207b0fbdcfae9009dc0458c7d75171e494a844114645d97b6f245d672b69e85e715a6256c144e64f608cde2723759c4c6ad8c08a8f3e07fadd50814db486e438f71643abe852e60c804323619108a022fbab9ee11955abb04376db0363646ce7822b205cebba037553117789e83238b324637d2e22447f6c87e7b126857eac4c9d5b4d7c9cfd959a4b9594d9c402f6b1a0aa459a0b44b873795a5497853eb715ce7e89a41a749bde2b239cd79c8c19a2e0ab1954c5242d75d04f06300a116aebf970fb0d0b9784909e45d33d5e8e64b2149018afa112fe0cbce6f83df5cde4464b15845ec396f39c4708ead714ffd45a46910d866b454eafb0ad9c9ff93f85792f18071fb56b4bf0548fd3c8a815414752b0a71fd0737c296a8442dfd2246c863d03ac4d3bee6a2a61c8f87a932777f94022b137166183dd04b0f774b4a9ceec6f24b7f31e5daeacefb23a96e26eba26f9531426703489e15becc352008b201b2356b6a36e4458d464c6a86bcc37a7afe7cf9a7fc4a26ac72938a800d029cdfc6a7a6d87feb408540328e5f7d6d1aa39bcc81cd151a4688507196f802777b856f5e195c3f3fe1aee644214c1cee756de21d1520cc26a5c9add633df21e12f43767dd6364e766cd56fd56aa6cd021bbcd9b765468263f816e827fd005e51c5170b5e91002bae66eacd0ce83503b550d733e647f4673ccf4eda59b2c2391f11673b1618a48a7379821cc8e24949beb2cc39240aad883c64dfcf3ed8588d62277abfd0697daa8cb5d1591a939da9506d6577455496379caba010ea9975570e715a1dd94fc7555d38a612be0a47ac86ac2c44062fa0a73b2e2ae2a4f6189f7cadddaa20910e3d5104e55f5a4b49aa3827fc4b37767fce947cfc808b22dc3c5b486290a5a265bc4aae1cb53f75fcb766c6628d53af4fcb606aed5a484769a7ecb0a915ff063f53437b0e8c83a8af098d7aaa3f284c2bf19afae5e553f4578362bdee8f9423e4db6d5dfafbc54ed262446c628aad50b85b966c3554ebe7d2fdb8c7e5918e8e2f165cbd9dcf427599418dbce022b0b732b477359e8072556188ee27adbf1c81899bb1fab20014272b8bfbba4072ecab65f6cc4bd7860c2be3ea5f6d726449d5db6701866ec42d72ad4173ae49c3c05a638ed96d81a0c89d72f98795d217cf8b40d0a7d670109f980ac4545415c32eb1b57ba94834b1ec8809dba4dd3e1ec4772af75bfa3472e0e0809af3902208b4928f1575149b8ea388486cf1008acd86fb4a3eb43722180f13cc0fb4dbdc64bbb814ccd5887f68c4b6c14653548d55d9d3e134a54a38e97df1b590938e203f46426e439be290cd58b8c9b8bc8f2cdfaa93830f3628413250d9b11afedcbc6a883c1f2e0119d08d85455cd4ff2433093185d0a39b1bac68e24b6440175c62b1125ca4495ce40e0e663a7810bc122c3e3b0cf77196251ce2a1bf7250fd5c09cbd53c4eaf417ba78834f3480cba3e30be4823fadb63a1bbacf1b2f9e5061b4729c990573f60186e96c12ed0ff068ab9a855c18612f4c43a8d89fda0284a5fc9b85ec4f27d9ff5b0cac261d229d6bb8f2bdcd23c29f52c64fc9435d1c88d711763287200675c3bca724b386de3c26d4ff371313c1cca466db521403199d95777d0211c33e7e955480cb2856adb800ef9b6b4820d71057c9a3e720b6347f3809994847a7a1c62d02ddce09690313d703840d15580c0478141ea18a16301dfb8db63562a62188b33a9cd552d160d62606d610deef86add1ece0f0382fdc29b62b286b98050300e8976f5af4cf350f0c17162b751afe7c46b7191b61644058b6752558a66fd926b7c0a70d7f942d40debec9defb918bb0d3b766dd606568d791dc8dd0e007e904798f5a693c4b0b1adebadd6b8f8a6b4fcfde8b00b5a6f5ebbe6ad6a608776fd489345ade3ea858f4ff71ee53ae760a47751f6c4f1edeccde4172d7cd741c80875ccb370287720313600d5613804d902edcbfff8e4f879e1910c31104dd5c016894ce73652943ab82eac6e475b62ecdabd5a65e7a5bc4abf2f96d1276869fdb7ba3a2d86c67ce60825329e5e0caf71d51796430dbd613184c26078edd2616af5d4e310e572610d55016986615fa168174fad4cb8e0223ccae83fc5281921bbcdf25c8693c6c5c9511728b78b599bb4f67b4773f4e764dc86df1001b7a426954bc95538c94a80ce0095b747fce80e7634bbacae5b4a881440b1c95675d90fe81ad5ddc9fcb232db55b2ad27f962dfa41aacf400d8f2f804c80d0f9cbf325c4203990a0b4eeb836b2b71e824e87657f80c226575e76c553a83eb58c3f4228897a11f1fd92ab73afaa70c14d576a0d11c2baa3078a423215d264c7e299ff190433a1b5c61c026b5f77f6c4bb486d1d3e7b5dbc3d97033f3bc8418f864cc0b4ddf8cd06d24274977e6207bbfc2aef9a493f3e31e37c1bc9744747a3d95c7d00c16cd10e1098e462b44f3f21253ea1f0f7d353b41983126a3fae7ac7839a77e9288526c98bafe3e4bfdbdd9e1f579aa2693c1498d9af99e2a0dbcd1b0bd3b06d3b717c6a824538a77961af61751d20c25e6ddcd0b3f506aae81adb9701b9d264b26026864790488619677a01e2b6363d279c538a4eccd7eaff576b86534e179b30fb2a322e9af24e548f48a7f715411e244076e0a9cc2653089f693c33daf4f73ea64892dd54ce1af2a486ed7f6b2ad3a43a4dd968cb0310ec874c5d5f1e4761e6264c49fd70c69d4d30a12fa54e29898444037030d6d1b9514b36619b5140d47d130482171bc5ab9820c7c36de9fb46bf256dec63216143544ca38a93b99efc2ac09c0968f6039ddc87b744f9ececbaa0f049810daee87bf0cd5002323a0bfdf2606812277ebc6605c29931bbf94096a6c45acd17f5fba880b2d54aa085ee3a8dd4dfb77136075853233ee700fc9eb77a9cfad0ab6e1b4bbfc587a6f052333771abac0ddf0b2b1780482163fd17a3f8f6276afb41c5a26c52c7eb7664644841f9f6c21bf37b39347000d9f6ff18d7c2eaa8afa1616d013016b27058b36167ba72d0e5ca6d3e74233301eaedac026bdc5a8a51137881fd5f5efdc12c54cd0c196551981a7933ee30c637b21ecce54c31b390e58c478c9046d9de119aeba873fdb9bde4b4352f8f187c1869b8a012b6c0654f395be08dd11943d6d653f2b00274c0d1275b8f1ea510edd50de0d1fdb6b0cee5639393ab381970415f99eef8f5e0fe42a60fad000a47f3f7820b4a9f574a79401ca5b92abdf83e57421f8e8cbe2e8f73cb3d1f8c9d6a1a986ed17590202779bc06c3339d0f8bafaac708438dfd60245bab1b798fc0cf9afee6bcd592433b1ac56fc590f1755ac60b1fb50e74f0dc7e1cf0e6ab35ba524820560addff16a17e0e9fabcb8d5dda104d2bd5cabf761344571331e6aa148aa1b613f56", 0x1000, 0x800, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000000)=0xe9, 0x4)

01:36:31 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
sendto$inet(r0, &(0x7f0000000400)="6bd07cefb2920ebdead16d064bd672559e632353dbc5e1f2ad32aec9d0dbb6a46479a6c744d7f00278ef89b02cd870b6a6fc9dc52f9c5d0e9ceb4645229a7800678a9707c055303c4b1eff599b16fd4624b39a03ec62483c2c3d5ce9de4dce5b3804c440dc9e78591a3fc8899bbb002ef1f5964cf9da88a950f9545554ac606ee7adb0d69866e91e2b321bb7542cdb3c2aa19024fe8a1155b60577f07925ae6e094d0a1c870ca76aa84a87cb51a6cea2bfdbdbfcb38d87d6709d77eded2fc2bd7e39a153b9bb3a5ef800c8149713418aede6151796ebae46c67ca149cf844e9f31d76a3627af24d98904a6b83d673deb169178892bac5b40d7664f5247b4e3bd7a33557b5d16f53a6e136c7fb1ff9bd0e49ef22d1ae2e8426891dbf1ff12bda49d855139becfc7217f18bd92f8f4d46cdd0d821dcc7a59a1f6de28c10f334260ae8816f1205dcaf7ac408945d48a0ed16ecac4c5edf3bd47fa7e4819f5260d1cefdd389dc524c66bc20c1adfd450684c4ba899d978ba859af1d5c24483ca073c0c6532be53b61a423880763ca211aea33907b4f07a881f51c9e0fa67f9ecb86c054bfb006d1fba54e07473a54ffd9e26730bca95f09a920a914c15d417b0f1f07205ba0fa594bc14ccc68784d1eaf242acac7c78324b2a15b477f532014b1be0922a17ed219f735e6ca50ba45ca9bc718bb41a720438ebab0c0a8515e840efa563333aab80798596de91b874af0901798e4ece55129ea5ce0aa9d75e1c807afaa0a940c2886ceb5f4554186358a3de6ed0b5f1f9786b9fecd5f73f53e715ba72a9aee806204d87f08e54e9b3de250c2448d5b8ef3e985b320c39da2a151ee579a1eaba7657fcb0a818678494f0687cab8013311363a717739d70d6ebba8bf4ccc6f16fddb168bcfd897b86ee1cf480ae38aa2b625ab1c4b72d7fc598d71a12152dd00f7445abc56a70c83a957ef733dc209f4fe763b65ce7913c5e52f21e59d72a374ca63468f4ad4a59d5b18f18dee2e60951b4ea2d3e0c0e201cdb303258daf05d8314de1b6a5547cf2f495fdc884581224f167732f52a64e49684ca0b17c5bf96d0a27eaca294f594d5d7bbb6e2af803f2fee390750f533557fa6a372c780b32fa188114dfd9dcfd3be6e715e0b67e1b5c0d7ad37b3b2dce69ee8e7a7420f463bec18a89c4529f17caf7dbb2500d003213714b27c8e5e56dda63167c2e386579d51150534d2ca4678b88c2ab0eec9179417d558403e1939f35883a6ae0d1a31d24cefe32ac9968c5b03cee08ff7d2d9480f3b570b09b3dcb23c95225e542e364e9b4bc025a871f7b7c49a23e5ec80e0f196fd6802f2bfe8b8e22fbc8b1322ba583d140c29211ff4ac1b33a25b6aa47fc311c461b903e5820c9d597b9754eb4819c7a56b0570768c845dbeeddfd592e2a44dfe9dfd6c33364237293617498d917d22bc363286d59fd789e68168318bd0892cc13c11b733e00b69ed87aca655b43b4ed483f51c1cbcbada509096b5732d2fa8d3d43c62b215c406bfb98d3e9d92f8a2e27621951f57e78bfb92a319cec460adf15094475233769297beaaca63033eccb88e37126cf00e52553b693b72d526f364b4aa03dd741dd6d40da4ab8e7358569f41449f836d5256b126851dddd022cbc45b83179f8dccaeeae39a01a180c24f2f89dffb9807c5651bbb2e839d04ee3edae41c58b5aad2e2dab8095e8d6a9b68eef918ab0a276c4cd39839379435eb6ca0bc239dbe90ca97d6be97283196efa0c32d1eb78c6108fbb94efb458d95747b22562fbc9ef6521d34d9fff50263f11993a96368ddfc70d8b62069f4692ce065867292191812fe297c04db405bc21d30602a31be018db6bcf805658f8c5e05ef3802c1012a3cd8960b83e870a5d0b04486ef3f91aa82440e659c42d3c0c0e10f1a156c4cfa04ee6c5506aa69d86495022b9df3283de7094e4d4ea0594ba3332c06c0de2d45c26fb4f6c802e9efa176af05b1b148d2b0328b4833190c8c44332f04d6f4f67c6a0c3b3e5869956318bc3b7460a0ac081b3d4a6910e46a05c2b8d602ab183d5176aef7cddd9eb5db3b5604430eb7e69e2d625f0c8ba7d276228270c02e3732e4fe80f0f381a553686782db4fcb85b9291a93987866b66a027aa52af8ce37d2933e9d9e1e18a22a7cdc30bf3c48ffa1b455bbec4019c580d5f4f9ef81969c225095dea09441348baec26af571af93b20dc52d31ccd86f7fbf1ed4e292192d17400e2a0f388f5a51d7a526aa5a3e72388eae9a9683ea597b534a1eaee2845c73c8ecb96d447ce5d0653ee39d454d9c42ecd18dd5eebe38353a6190563f3d5527094850f7d6faf5f60e86f207b0fbdcfae9009dc0458c7d75171e494a844114645d97b6f245d672b69e85e715a6256c144e64f608cde2723759c4c6ad8c08a8f3e07fadd50814db486e438f71643abe852e60c804323619108a022fbab9ee11955abb04376db0363646ce7822b205cebba037553117789e83238b324637d2e22447f6c87e7b126857eac4c9d5b4d7c9cfd959a4b9594d9c402f6b1a0aa459a0b44b873795a5497853eb715ce7e89a41a749bde2b239cd79c8c19a2e0ab1954c5242d75d04f06300a116aebf970fb0d0b9784909e45d33d5e8e64b2149018afa112fe0cbce6f83df5cde4464b15845ec396f39c4708ead714ffd45a46910d866b454eafb0ad9c9ff93f85792f18071fb56b4bf0548fd3c8a815414752b0a71fd0737c296a8442dfd2246c863d03ac4d3bee6a2a61c8f87a932777f94022b137166183dd04b0f774b4a9ceec6f24b7f31e5daeacefb23a96e26eba26f9531426703489e15becc352008b201b2356b6a36e4458d464c6a86bcc37a7afe7cf9a7fc4a26ac72938a800d029cdfc6a7a6d87feb408540328e5f7d6d1aa39bcc81cd151a4688507196f802777b856f5e195c3f3fe1aee644214c1cee756de21d1520cc26a5c9add633df21e12f43767dd6364e766cd56fd56aa6cd021bbcd9b765468263f816e827fd005e51c5170b5e91002bae66eacd0ce83503b550d733e647f4673ccf4eda59b2c2391f11673b1618a48a7379821cc8e24949beb2cc39240aad883c64dfcf3ed8588d62277abfd0697daa8cb5d1591a939da9506d6577455496379caba010ea9975570e715a1dd94fc7555d38a612be0a47ac86ac2c44062fa0a73b2e2ae2a4f6189f7cadddaa20910e3d5104e55f5a4b49aa3827fc4b37767fce947cfc808b22dc3c5b486290a5a265bc4aae1cb53f75fcb766c6628d53af4fcb606aed5a484769a7ecb0a915ff063f53437b0e8c83a8af098d7aaa3f284c2bf19afae5e553f4578362bdee8f9423e4db6d5dfafbc54ed262446c628aad50b85b966c3554ebe7d2fdb8c7e5918e8e2f165cbd9dcf427599418dbce022b0b732b477359e8072556188ee27adbf1c81899bb1fab20014272b8bfbba4072ecab65f6cc4bd7860c2be3ea5f6d726449d5db6701866ec42d72ad4173ae49c3c05a638ed96d81a0c89d72f98795d217cf8b40d0a7d670109f980ac4545415c32eb1b57ba94834b1ec8809dba4dd3e1ec4772af75bfa3472e0e0809af3902208b4928f1575149b8ea388486cf1008acd86fb4a3eb43722180f13cc0fb4dbdc64bbb814ccd5887f68c4b6c14653548d55d9d3e134a54a38e97df1b590938e203f46426e439be290cd58b8c9b8bc8f2cdfaa93830f3628413250d9b11afedcbc6a883c1f2e0119d08d85455cd4ff2433093185d0a39b1bac68e24b6440175c62b1125ca4495ce40e0e663a7810bc122c3e3b0cf77196251ce2a1bf7250fd5c09cbd53c4eaf417ba78834f3480cba3e30be4823fadb63a1bbacf1b2f9e5061b4729c990573f60186e96c12ed0ff068ab9a855c18612f4c43a8d89fda0284a5fc9b85ec4f27d9ff5b0cac261d229d6bb8f2bdcd23c29f52c64fc9435d1c88d711763287200675c3bca724b386de3c26d4ff371313c1cca466db521403199d95777d0211c33e7e955480cb2856adb800ef9b6b4820d71057c9a3e720b6347f3809994847a7a1c62d02ddce09690313d703840d15580c0478141ea18a16301dfb8db63562a62188b33a9cd552d160d62606d610deef86add1ece0f0382fdc29b62b286b98050300e8976f5af4cf350f0c17162b751afe7c46b7191b61644058b6752558a66fd926b7c0a70d7f942d40debec9defb918bb0d3b766dd606568d791dc8dd0e007e904798f5a693c4b0b1adebadd6b8f8a6b4fcfde8b00b5a6f5ebbe6ad6a608776fd489345ade3ea858f4ff71ee53ae760a47751f6c4f1edeccde4172d7cd741c80875ccb370287720313600d5613804d902edcbfff8e4f879e1910c31104dd5c016894ce73652943ab82eac6e475b62ecdabd5a65e7a5bc4abf2f96d1276869fdb7ba3a2d86c67ce60825329e5e0caf71d51796430dbd613184c26078edd2616af5d4e310e572610d55016986615fa168174fad4cb8e0223ccae83fc5281921bbcdf25c8693c6c5c9511728b78b599bb4f67b4773f4e764dc86df1001b7a426954bc95538c94a80ce0095b747fce80e7634bbacae5b4a881440b1c95675d90fe81ad5ddc9fcb232db55b2ad27f962dfa41aacf400d8f2f804c80d0f9cbf325c4203990a0b4eeb836b2b71e824e87657f80c226575e76c553a83eb58c3f4228897a11f1fd92ab73afaa70c14d576a0d11c2baa3078a423215d264c7e299ff190433a1b5c61c026b5f77f6c4bb486d1d3e7b5dbc3d97033f3bc8418f864cc0b4ddf8cd06d24274977e6207bbfc2aef9a493f3e31e37c1bc9744747a3d95c7d00c16cd10e1098e462b44f3f21253ea1f0f7d353b41983126a3fae7ac7839a77e9288526c98bafe3e4bfdbdd9e1f579aa2693c1498d9af99e2a0dbcd1b0bd3b06d3b717c6a824538a77961af61751d20c25e6ddcd0b3f506aae81adb9701b9d264b26026864790488619677a01e2b6363d279c538a4eccd7eaff576b86534e179b30fb2a322e9af24e548f48a7f715411e244076e0a9cc2653089f693c33daf4f73ea64892dd54ce1af2a486ed7f6b2ad3a43a4dd968cb0310ec874c5d5f1e4761e6264c49fd70c69d4d30a12fa54e29898444037030d6d1b9514b36619b5140d47d130482171bc5ab9820c7c36de9fb46bf256dec63216143544ca38a93b99efc2ac09c0968f6039ddc87b744f9ececbaa0f049810daee87bf0cd5002323a0bfdf2606812277ebc6605c29931bbf94096a6c45acd17f5fba880b2d54aa085ee3a8dd4dfb77136075853233ee700fc9eb77a9cfad0ab6e1b4bbfc587a6f052333771abac0ddf0b2b1780482163fd17a3f8f6276afb41c5a26c52c7eb7664644841f9f6c21bf37b39347000d9f6ff18d7c2eaa8afa1616d013016b27058b36167ba72d0e5ca6d3e74233301eaedac026bdc5a8a51137881fd5f5efdc12c54cd0c196551981a7933ee30c637b21ecce54c31b390e58c478c9046d9de119aeba873fdb9bde4b4352f8f187c1869b8a012b6c0654f395be08dd11943d6d653f2b00274c0d1275b8f1ea510edd50de0d1fdb6b0cee5639393ab381970415f99eef8f5e0fe42a60fad000a47f3f7820b4a9f574a79401ca5b92abdf83e57421f8e8cbe2e8f73cb3d1f8c9d6a1a986ed17590202779bc06c3339d0f8bafaac708438dfd60245bab1b798fc0cf9afee6bcd592433b1ac56fc590f1755ac60b1fb50e74f0dc7e1cf0e6ab35ba524820560addff16a17e0e9fabcb8d5dda104d2bd5cabf761344571331e6aa148aa1b613f56", 0x1000, 0x800, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000000)=0xe9, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000400)="6bd07cefb2920ebdead16d064bd672559e632353dbc5e1f2ad32aec9d0dbb6a46479a6c744d7f00278ef89b02cd870b6a6fc9dc52f9c5d0e9ceb4645229a7800678a9707c055303c4b1eff599b16fd4624b39a03ec62483c2c3d5ce9de4dce5b3804c440dc9e78591a3fc8899bbb002ef1f5964cf9da88a950f9545554ac606ee7adb0d69866e91e2b321bb7542cdb3c2aa19024fe8a1155b60577f07925ae6e094d0a1c870ca76aa84a87cb51a6cea2bfdbdbfcb38d87d6709d77eded2fc2bd7e39a153b9bb3a5ef800c8149713418aede6151796ebae46c67ca149cf844e9f31d76a3627af24d98904a6b83d673deb169178892bac5b40d7664f5247b4e3bd7a33557b5d16f53a6e136c7fb1ff9bd0e49ef22d1ae2e8426891dbf1ff12bda49d855139becfc7217f18bd92f8f4d46cdd0d821dcc7a59a1f6de28c10f334260ae8816f1205dcaf7ac408945d48a0ed16ecac4c5edf3bd47fa7e4819f5260d1cefdd389dc524c66bc20c1adfd450684c4ba899d978ba859af1d5c24483ca073c0c6532be53b61a423880763ca211aea33907b4f07a881f51c9e0fa67f9ecb86c054bfb006d1fba54e07473a54ffd9e26730bca95f09a920a914c15d417b0f1f07205ba0fa594bc14ccc68784d1eaf242acac7c78324b2a15b477f532014b1be0922a17ed219f735e6ca50ba45ca9bc718bb41a720438ebab0c0a8515e840efa563333aab80798596de91b874af0901798e4ece55129ea5ce0aa9d75e1c807afaa0a940c2886ceb5f4554186358a3de6ed0b5f1f9786b9fecd5f73f53e715ba72a9aee806204d87f08e54e9b3de250c2448d5b8ef3e985b320c39da2a151ee579a1eaba7657fcb0a818678494f0687cab8013311363a717739d70d6ebba8bf4ccc6f16fddb168bcfd897b86ee1cf480ae38aa2b625ab1c4b72d7fc598d71a12152dd00f7445abc56a70c83a957ef733dc209f4fe763b65ce7913c5e52f21e59d72a374ca63468f4ad4a59d5b18f18dee2e60951b4ea2d3e0c0e201cdb303258daf05d8314de1b6a5547cf2f495fdc884581224f167732f52a64e49684ca0b17c5bf96d0a27eaca294f594d5d7bbb6e2af803f2fee390750f533557fa6a372c780b32fa188114dfd9dcfd3be6e715e0b67e1b5c0d7ad37b3b2dce69ee8e7a7420f463bec18a89c4529f17caf7dbb2500d003213714b27c8e5e56dda63167c2e386579d51150534d2ca4678b88c2ab0eec9179417d558403e1939f35883a6ae0d1a31d24cefe32ac9968c5b03cee08ff7d2d9480f3b570b09b3dcb23c95225e542e364e9b4bc025a871f7b7c49a23e5ec80e0f196fd6802f2bfe8b8e22fbc8b1322ba583d140c29211ff4ac1b33a25b6aa47fc311c461b903e5820c9d597b9754eb4819c7a56b0570768c845dbeeddfd592e2a44dfe9dfd6c33364237293617498d917d22bc363286d59fd789e68168318bd0892cc13c11b733e00b69ed87aca655b43b4ed483f51c1cbcbada509096b5732d2fa8d3d43c62b215c406bfb98d3e9d92f8a2e27621951f57e78bfb92a319cec460adf15094475233769297beaaca63033eccb88e37126cf00e52553b693b72d526f364b4aa03dd741dd6d40da4ab8e7358569f41449f836d5256b126851dddd022cbc45b83179f8dccaeeae39a01a180c24f2f89dffb9807c5651bbb2e839d04ee3edae41c58b5aad2e2dab8095e8d6a9b68eef918ab0a276c4cd39839379435eb6ca0bc239dbe90ca97d6be97283196efa0c32d1eb78c6108fbb94efb458d95747b22562fbc9ef6521d34d9fff50263f11993a96368ddfc70d8b62069f4692ce065867292191812fe297c04db405bc21d30602a31be018db6bcf805658f8c5e05ef3802c1012a3cd8960b83e870a5d0b04486ef3f91aa82440e659c42d3c0c0e10f1a156c4cfa04ee6c5506aa69d86495022b9df3283de7094e4d4ea0594ba3332c06c0de2d45c26fb4f6c802e9efa176af05b1b148d2b0328b4833190c8c44332f04d6f4f67c6a0c3b3e5869956318bc3b7460a0ac081b3d4a6910e46a05c2b8d602ab183d5176aef7cddd9eb5db3b5604430eb7e69e2d625f0c8ba7d276228270c02e3732e4fe80f0f381a553686782db4fcb85b9291a93987866b66a027aa52af8ce37d2933e9d9e1e18a22a7cdc30bf3c48ffa1b455bbec4019c580d5f4f9ef81969c225095dea09441348baec26af571af93b20dc52d31ccd86f7fbf1ed4e292192d17400e2a0f388f5a51d7a526aa5a3e72388eae9a9683ea597b534a1eaee2845c73c8ecb96d447ce5d0653ee39d454d9c42ecd18dd5eebe38353a6190563f3d5527094850f7d6faf5f60e86f207b0fbdcfae9009dc0458c7d75171e494a844114645d97b6f245d672b69e85e715a6256c144e64f608cde2723759c4c6ad8c08a8f3e07fadd50814db486e438f71643abe852e60c804323619108a022fbab9ee11955abb04376db0363646ce7822b205cebba037553117789e83238b324637d2e22447f6c87e7b126857eac4c9d5b4d7c9cfd959a4b9594d9c402f6b1a0aa459a0b44b873795a5497853eb715ce7e89a41a749bde2b239cd79c8c19a2e0ab1954c5242d75d04f06300a116aebf970fb0d0b9784909e45d33d5e8e64b2149018afa112fe0cbce6f83df5cde4464b15845ec396f39c4708ead714ffd45a46910d866b454eafb0ad9c9ff93f85792f18071fb56b4bf0548fd3c8a815414752b0a71fd0737c296a8442dfd2246c863d03ac4d3bee6a2a61c8f87a932777f94022b137166183dd04b0f774b4a9ceec6f24b7f31e5daeacefb23a96e26eba26f9531426703489e15becc352008b201b2356b6a36e4458d464c6a86bcc37a7afe7cf9a7fc4a26ac72938a800d029cdfc6a7a6d87feb408540328e5f7d6d1aa39bcc81cd151a4688507196f802777b856f5e195c3f3fe1aee644214c1cee756de21d1520cc26a5c9add633df21e12f43767dd6364e766cd56fd56aa6cd021bbcd9b765468263f816e827fd005e51c5170b5e91002bae66eacd0ce83503b550d733e647f4673ccf4eda59b2c2391f11673b1618a48a7379821cc8e24949beb2cc39240aad883c64dfcf3ed8588d62277abfd0697daa8cb5d1591a939da9506d6577455496379caba010ea9975570e715a1dd94fc7555d38a612be0a47ac86ac2c44062fa0a73b2e2ae2a4f6189f7cadddaa20910e3d5104e55f5a4b49aa3827fc4b37767fce947cfc808b22dc3c5b486290a5a265bc4aae1cb53f75fcb766c6628d53af4fcb606aed5a484769a7ecb0a915ff063f53437b0e8c83a8af098d7aaa3f284c2bf19afae5e553f4578362bdee8f9423e4db6d5dfafbc54ed262446c628aad50b85b966c3554ebe7d2fdb8c7e5918e8e2f165cbd9dcf427599418dbce022b0b732b477359e8072556188ee27adbf1c81899bb1fab20014272b8bfbba4072ecab65f6cc4bd7860c2be3ea5f6d726449d5db6701866ec42d72ad4173ae49c3c05a638ed96d81a0c89d72f98795d217cf8b40d0a7d670109f980ac4545415c32eb1b57ba94834b1ec8809dba4dd3e1ec4772af75bfa3472e0e0809af3902208b4928f1575149b8ea388486cf1008acd86fb4a3eb43722180f13cc0fb4dbdc64bbb814ccd5887f68c4b6c14653548d55d9d3e134a54a38e97df1b590938e203f46426e439be290cd58b8c9b8bc8f2cdfaa93830f3628413250d9b11afedcbc6a883c1f2e0119d08d85455cd4ff2433093185d0a39b1bac68e24b6440175c62b1125ca4495ce40e0e663a7810bc122c3e3b0cf77196251ce2a1bf7250fd5c09cbd53c4eaf417ba78834f3480cba3e30be4823fadb63a1bbacf1b2f9e5061b4729c990573f60186e96c12ed0ff068ab9a855c18612f4c43a8d89fda0284a5fc9b85ec4f27d9ff5b0cac261d229d6bb8f2bdcd23c29f52c64fc9435d1c88d711763287200675c3bca724b386de3c26d4ff371313c1cca466db521403199d95777d0211c33e7e955480cb2856adb800ef9b6b4820d71057c9a3e720b6347f3809994847a7a1c62d02ddce09690313d703840d15580c0478141ea18a16301dfb8db63562a62188b33a9cd552d160d62606d610deef86add1ece0f0382fdc29b62b286b98050300e8976f5af4cf350f0c17162b751afe7c46b7191b61644058b6752558a66fd926b7c0a70d7f942d40debec9defb918bb0d3b766dd606568d791dc8dd0e007e904798f5a693c4b0b1adebadd6b8f8a6b4fcfde8b00b5a6f5ebbe6ad6a608776fd489345ade3ea858f4ff71ee53ae760a47751f6c4f1edeccde4172d7cd741c80875ccb370287720313600d5613804d902edcbfff8e4f879e1910c31104dd5c016894ce73652943ab82eac6e475b62ecdabd5a65e7a5bc4abf2f96d1276869fdb7ba3a2d86c67ce60825329e5e0caf71d51796430dbd613184c26078edd2616af5d4e310e572610d55016986615fa168174fad4cb8e0223ccae83fc5281921bbcdf25c8693c6c5c9511728b78b599bb4f67b4773f4e764dc86df1001b7a426954bc95538c94a80ce0095b747fce80e7634bbacae5b4a881440b1c95675d90fe81ad5ddc9fcb232db55b2ad27f962dfa41aacf400d8f2f804c80d0f9cbf325c4203990a0b4eeb836b2b71e824e87657f80c226575e76c553a83eb58c3f4228897a11f1fd92ab73afaa70c14d576a0d11c2baa3078a423215d264c7e299ff190433a1b5c61c026b5f77f6c4bb486d1d3e7b5dbc3d97033f3bc8418f864cc0b4ddf8cd06d24274977e6207bbfc2aef9a493f3e31e37c1bc9744747a3d95c7d00c16cd10e1098e462b44f3f21253ea1f0f7d353b41983126a3fae7ac7839a77e9288526c98bafe3e4bfdbdd9e1f579aa2693c1498d9af99e2a0dbcd1b0bd3b06d3b717c6a824538a77961af61751d20c25e6ddcd0b3f506aae81adb9701b9d264b26026864790488619677a01e2b6363d279c538a4eccd7eaff576b86534e179b30fb2a322e9af24e548f48a7f715411e244076e0a9cc2653089f693c33daf4f73ea64892dd54ce1af2a486ed7f6b2ad3a43a4dd968cb0310ec874c5d5f1e4761e6264c49fd70c69d4d30a12fa54e29898444037030d6d1b9514b36619b5140d47d130482171bc5ab9820c7c36de9fb46bf256dec63216143544ca38a93b99efc2ac09c0968f6039ddc87b744f9ececbaa0f049810daee87bf0cd5002323a0bfdf2606812277ebc6605c29931bbf94096a6c45acd17f5fba880b2d54aa085ee3a8dd4dfb77136075853233ee700fc9eb77a9cfad0ab6e1b4bbfc587a6f052333771abac0ddf0b2b1780482163fd17a3f8f6276afb41c5a26c52c7eb7664644841f9f6c21bf37b39347000d9f6ff18d7c2eaa8afa1616d013016b27058b36167ba72d0e5ca6d3e74233301eaedac026bdc5a8a51137881fd5f5efdc12c54cd0c196551981a7933ee30c637b21ecce54c31b390e58c478c9046d9de119aeba873fdb9bde4b4352f8f187c1869b8a012b6c0654f395be08dd11943d6d653f2b00274c0d1275b8f1ea510edd50de0d1fdb6b0cee5639393ab381970415f99eef8f5e0fe42a60fad000a47f3f7820b4a9f574a79401ca5b92abdf83e57421f8e8cbe2e8f73cb3d1f8c9d6a1a986ed17590202779bc06c3339d0f8bafaac708438dfd60245bab1b798fc0cf9afee6bcd592433b1ac56fc590f1755ac60b1fb50e74f0dc7e1cf0e6ab35ba524820560addff16a17e0e9fabcb8d5dda104d2bd5cabf761344571331e6aa148aa1b613f56", 0x1000, 0x800, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000000)=0xe9, 0x4) (async)

01:36:31 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x11}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:31 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac90fa3d28b0a23b5b8dbd6e741414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  520.924994][T15005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:32 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0xf}, 0x0, 0x0)

01:36:32 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac90fa3d28b0a23b5b8dbd6e741414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac90fa3d28b0a23b5b8dbd6e741414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)

01:36:32 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:32 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:32 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x12}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:32 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
listen(r0, 0x0) (async, rerun: 32)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac90fa3d28b0a23b5b8dbd6e741414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  521.429582][T15020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  521.457571][T15015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:32 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:32 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  521.532073][T15015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:32 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:32 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  521.701813][T15035] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:32 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x14}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:32 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x11}, 0x0, 0x0)

[  521.845935][T15039] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:32 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  521.989939][T15043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  522.016325][T15046] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  522.068129][T15043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:33 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:33 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:33 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:33 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x15}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:33 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

[  522.326752][T15052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:33 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  522.374274][T15053] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:33 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9)
fadvise64(r0, 0x6, 0x1e2, 0x1)
listen(r0, 0x0)
fcntl$setsig(r0, 0xa, 0xb)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9})
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

01:36:33 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x12}, 0x0, 0x0)

[  522.536549][T15061] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  522.569068][T15064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:33 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9) (async)
fadvise64(r0, 0x6, 0x1e2, 0x1) (async)
listen(r0, 0x0) (async)
fcntl$setsig(r0, 0xa, 0xb) (async)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9})
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

01:36:33 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  522.641636][T15064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:33 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x16}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:33 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, 0x0, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  522.777079][T15069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:34 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:34 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9)
fadvise64(r0, 0x6, 0x1e2, 0x1)
listen(r0, 0x0) (async)
fcntl$setsig(r0, 0xa, 0xb) (async)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9}) (async)
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

01:36:34 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:34 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x14}, 0x0, 0x0)

01:36:34 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9)
fadvise64(r0, 0x6, 0x1e2, 0x1)
listen(r0, 0x0)
fcntl$setsig(r0, 0xa, 0xb)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9})
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

01:36:34 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x17}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  523.319369][T15080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:34 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000000006904e22551d54072436ba1d18691cc1bae983e5ac1043bfa336f43d36851a5b62ba3963f6f9820fd6303afaea8eb29ee7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:34 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9)
fadvise64(r0, 0x6, 0x1e2, 0x1)
listen(r0, 0x0)
fcntl$setsig(r0, 0xa, 0xb)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9})
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

[  523.380575][T15080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.380662][T15090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:34 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:34 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000000006904e22551d54072436ba1d18691cc1bae983e5ac1043bfa336f43d36851a5b62ba3963f6f9820fd6303afaea8eb29ee7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000000006904e22551d54072436ba1d18691cc1bae983e5ac1043bfa336f43d36851a5b62ba3963f6f9820fd6303afaea8eb29ee7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)

01:36:34 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x9)
fadvise64(r0, 0x6, 0x1e2, 0x1)
listen(r0, 0x0)
fcntl$setsig(r0, 0xa, 0xb)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x40184152, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[&(0x7f0000000180)="e944e7b58ef4d0391cdb6b4aee4f051c54b305ba9591af1509b1d62e0dec9fb1146d1067d89b8b4a9ffb91ef63bb83e3c0985c82890c1f24585c27f8ecb486c7d9b2b6c05f9957a10f8c373eee096b0d3a3509d11099de15e855bd45777bacfc99b4c6b4aa13e60c180b326e632a69ae4268ab189de721a356174b414810b1527e57a368e278818c8658b24ad1d633ecc5b12ba33905caffa95dc2a37f37c9457fbc2391e65de95a32ba7cb5be10dbdce0f792acdba8fb650dcc4329f6a7f2", &(0x7f0000000240)="58050851ba0b4c4c0c122c9942cef0ca1e41e0074e2f24b37876fa5c3d2d877f100e0aeb0b8a97734d9746c8963e4446ce6a8264388fd3f1ac88a76be4a18c296f5ad7a515a6655f4e155094b03c2bd92f90b7f618c8539f7d911adfe5ffe9c466fbcbdb35376aabc7e67c8e74c75564893ed540882103d2a123c52d72c02998767fbea1f98486e7bed3f88451bd9c1888baa647a756bc7a6d67679f5130bcbb9260cca30c8bd61ec3ba54ca8036e19f92913f5033a225e7ba44fdd2446e08fa96248ce2bd99562c0b18fc2d016ccc8be544f7ace6643dd82f62b3dc9acc"], 0x9})
r1 = accept$inet(r0, 0x0, &(0x7f0000000000))
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r2, &(0x7f00000000c0)="0bc3994865dc600e1d2e5b10d4f343cc25966f0b03f37beaff1f5c440396d1457a91bb551c44d80a4ea9b79a46f7296144b776d45a77c526e662d5adea24f64181add041a87d4cf4220859efe5228bd2e34a77b25dc8f34812889f1a7567b297a17e7397923fb1bc", 0x68, 0x24000004, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

01:36:34 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000000006904e22551d54072436ba1d18691cc1bae983e5ac1043bfa336f43d36851a5b62ba3963f6f9820fd6303afaea8eb29ee7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000000006904e22551d54072436ba1d18691cc1bae983e5ac1043bfa336f43d36851a5b62ba3963f6f9820fd6303afaea8eb29ee7", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)

01:36:34 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x18}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:34 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140), 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:34 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:34 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
bind(r1, &(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x0, 0x2, 0xff, 0x4, "7972ff3ae8f36a7961a621cd44ced5759ac55c458a6591431147446801128753cfa044251dd2fad61518ea3439af7ba195c6d0a8c7a7dfbb6618dd2c12474d", 0x6}, 0x80)

01:36:34 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x15}, 0x0, 0x0)

01:36:34 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x11}, 0x0, 0x0)

[  524.050122][T15116] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  524.057713][T15118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  524.085337][T15121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:34 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  524.105330][T15119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  524.120992][T15121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
bind(r1, &(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x0, 0x2, 0xff, 0x4, "7972ff3ae8f36a7961a621cd44ced5759ac55c458a6591431147446801128753cfa044251dd2fad61518ea3439af7ba195c6d0a8c7a7dfbb6618dd2c12474d", 0x6}, 0x80)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) (async)
bind(r1, &(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x0, 0x2, 0xff, 0x4, "7972ff3ae8f36a7961a621cd44ced5759ac55c458a6591431147446801128753cfa044251dd2fad61518ea3439af7ba195c6d0a8c7a7dfbb6618dd2c12474d", 0x6}, 0x80) (async)

01:36:35 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  524.158484][T15119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
bind(r1, &(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x0, 0x2, 0xff, 0x4, "7972ff3ae8f36a7961a621cd44ced5759ac55c458a6591431147446801128753cfa044251dd2fad61518ea3439af7ba195c6d0a8c7a7dfbb6618dd2c12474d", 0x6}, 0x80)

[  524.215673][T15126] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
01:36:35 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="1b60b020d2620e8c58"], 0x0)

01:36:35 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x19}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:35 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

[  524.473476][T15145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:35 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="1b60b020d2620e8c58"], 0x0)

01:36:35 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:35 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000545c0)={0x493, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r1=>0x0}], 0x38, "01125c480b1aac"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r2=>0x0, <r3=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r4=>0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "a59f7995f969f9"})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote={0xac, 0x10, 0x3}}, @sco={0x1f, @none}, @nl=@unspec, 0xf0f4, 0x0, 0x0, 0x0, 0xfc01, &(0x7f0000000340)='syz_tun\x00'})
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r6, 0x81f8943c, &(0x7f0000001640)={<r7=>0x0, ""/256, <r8=>0x0, <r9=>0x0})
r10 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0x0, 0x5517, 0x48000000})
ioctl$USBDEVFS_IOCTL(r10, 0x8108551b, &(0x7f0000000380))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f000005a700)={0x0, ""/256, <r11=>0x0, <r12=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000440)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "a59f7995f969f9"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000555c0)={0x101, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {r2}, {r4}, {}, {0x0, r12}], 0x88, "65d3180fddbe19"})
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:35 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x16}, 0x0, 0x0)

01:36:35 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x1a}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  524.920979][T15155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  524.946870][T15155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  524.979593][T15157] hub 9-0:1.0: USB hub found
01:36:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="1b60b020d2620e8c58"], 0x0)

[  525.003536][T15157] hub 9-0:1.0: 8 ports detected
01:36:35 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:36 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kfence', 0x48000, 0x4)
sendto$inet(r0, &(0x7f00000023c0)="2d1f7885aa210fa7957906b82ef0cd4841652443f095d6fddf5926d230e3cc2b16d9703ee0cdcb8b20b61737de8bd9fe22ed76ca94e17fb645d0fc80621a79ecff9412ed3c539fdb5b135435ade0c88c7c52331da235365dee8abce13a05e795bb03ed3e8220c3ea44c6527f0135c31430e1dbb50eb033a3c0308e6ebb2cd422a66cde9c9e26857eea", 0x89, 0x480c1, &(0x7f00000002c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0xee, &(0x7f0000000000)={@local, @multicast, @void, {@mpls_mc={0x8848, {[{0xffffa, 0x0, 0x1}], @generic="6151f28103acf218cce0e84b4fb64f9f5b21e523b351fecd65076e5904313418049216ad27b67ba60a53bc61f14c88cd4078bcb5c18e854700111b48c1fe1381da24083ad688823206289d6dfba8ad08789aef8b64e52a6e308f902e53609d448275801468a8ef4796adee7f64f5beeb979c39a7c781fe7bf07c2e6f0e34b0308bd8dfa5acf547e2f7a3634d89b50f482e2c7d401a151d46a2d13a81c79e4cf7c94203bdc38a95ef09d667f3625af05c1d3c5930aab0d0bf79a57bd73fa78947056c9065d6b2fa878c708dc20667418fba62d63e84f4e290044c8365"}}}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000020000000000a01010000000000000000010000000900010073797a300000000028000000060a03000000000000000000010000000900010073397a300000000008000b4000000000140000001100010000000000000000000000000a"], 0x90}}, 0x0)
recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f0000000140)=""/165, 0xa5}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x3, &(0x7f00000013c0)=""/4096, 0x1000}, 0x40000000)

[  525.148584][T15167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:36 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x6}, 0x0, 0x0)

01:36:36 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x5}, 0x0, 0x0)

01:36:36 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kfence', 0x48000, 0x4)
sendto$inet(r0, &(0x7f00000023c0)="2d1f7885aa210fa7957906b82ef0cd4841652443f095d6fddf5926d230e3cc2b16d9703ee0cdcb8b20b61737de8bd9fe22ed76ca94e17fb645d0fc80621a79ecff9412ed3c539fdb5b135435ade0c88c7c52331da235365dee8abce13a05e795bb03ed3e8220c3ea44c6527f0135c31430e1dbb50eb033a3c0308e6ebb2cd422a66cde9c9e26857eea", 0x89, 0x480c1, &(0x7f00000002c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0xee, &(0x7f0000000000)={@local, @multicast, @void, {@mpls_mc={0x8848, {[{0xffffa, 0x0, 0x1}], @generic="6151f28103acf218cce0e84b4fb64f9f5b21e523b351fecd65076e5904313418049216ad27b67ba60a53bc61f14c88cd4078bcb5c18e854700111b48c1fe1381da24083ad688823206289d6dfba8ad08789aef8b64e52a6e308f902e53609d448275801468a8ef4796adee7f64f5beeb979c39a7c781fe7bf07c2e6f0e34b0308bd8dfa5acf547e2f7a3634d89b50f482e2c7d401a151d46a2d13a81c79e4cf7c94203bdc38a95ef09d667f3625af05c1d3c5930aab0d0bf79a57bd73fa78947056c9065d6b2fa878c708dc20667418fba62d63e84f4e290044c8365"}}}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000020000000000a01010000000000000000010000000900010073797a300000000028000000060a03000000000000000000010000000900010073397a300000000008000b4000000000140000001100010000000000000000000000000a"], 0x90}}, 0x0)
recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f0000000140)=""/165, 0xa5}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x3, &(0x7f00000013c0)=""/4096, 0x1000}, 0x40000000)

01:36:36 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x17}, 0x0, 0x0)

[  525.349470][T15173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.376671][T15175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.456087][T15179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.470107][T15181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.472191][T15173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.502934][T15179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:36 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x4}, 0x0, 0x0)

01:36:36 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kfence', 0x48000, 0x4) (rerun: 32)
sendto$inet(r0, &(0x7f00000023c0)="2d1f7885aa210fa7957906b82ef0cd4841652443f095d6fddf5926d230e3cc2b16d9703ee0cdcb8b20b61737de8bd9fe22ed76ca94e17fb645d0fc80621a79ecff9412ed3c539fdb5b135435ade0c88c7c52331da235365dee8abce13a05e795bb03ed3e8220c3ea44c6527f0135c31430e1dbb50eb033a3c0308e6ebb2cd422a66cde9c9e26857eea", 0x89, 0x480c1, &(0x7f00000002c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) (async)
listen(0xffffffffffffffff, 0x0) (async, rerun: 32)
syz_emit_ethernet(0xee, &(0x7f0000000000)={@local, @multicast, @void, {@mpls_mc={0x8848, {[{0xffffa, 0x0, 0x1}], @generic="6151f28103acf218cce0e84b4fb64f9f5b21e523b351fecd65076e5904313418049216ad27b67ba60a53bc61f14c88cd4078bcb5c18e854700111b48c1fe1381da24083ad688823206289d6dfba8ad08789aef8b64e52a6e308f902e53609d448275801468a8ef4796adee7f64f5beeb979c39a7c781fe7bf07c2e6f0e34b0308bd8dfa5acf547e2f7a3634d89b50f482e2c7d401a151d46a2d13a81c79e4cf7c94203bdc38a95ef09d667f3625af05c1d3c5930aab0d0bf79a57bd73fa78947056c9065d6b2fa878c708dc20667418fba62d63e84f4e290044c8365"}}}}, 0x0) (async, rerun: 32)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000020000000000a01010000000000000000010000000900010073797a300000000028000000060a03000000000000000000010000000900010073397a300000000008000b4000000000140000001100010000000000000000000000000a"], 0x90}}, 0x0) (async)
recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f0000000140)=""/165, 0xa5}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x3, &(0x7f00000013c0)=""/4096, 0x1000}, 0x40000000)

01:36:36 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x1b}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:36 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x2}, 0x0, 0x0)

01:36:36 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x18}, 0x0, 0x0)

[  525.872537][T15184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.881356][T15189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:36 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x6d}, 0x0, 0x0)

01:36:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)

[  525.914562][T15189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.957938][T15195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.974139][T15194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4) (async)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)

01:36:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) (async)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380) (async)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) (async)
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4) (async)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78) (async)

01:36:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8fea70d1366aa3f5ab4cae07aab71d6004500002800000000000690780a010102ac1414aa00004e22ac765c5024be7224a4a0fff2b978c6316b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  525.999648][T15197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  526.015641][T15194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  526.027209][T15195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  526.042166][T15197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8fea70d1366aa3f5ab4cae07aab71d6004500002800000000000690780a010102ac1414aa00004e22ac765c5024be7224a4a0fff2b978c6316b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:37 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8fea70d1366aa3f5ab4cae07aab71d6004500002800000000000690780a010102ac1414aa00004e22ac765c5024be7224a4a0fff2b978c6316b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8fea70d1366aa3f5ab4cae07aab71d6004500002800000000000690780a010102ac1414aa00004e22ac765c5024be7224a4a0fff2b978c6316b", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)

01:36:37 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:37 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="77aaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0x1, 0x3, 0x31ed8a8c, 0x5}, 0x14)

01:36:37 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)

01:36:37 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x1c}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:37 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x19}, 0x0, 0x0)

01:36:37 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x6}, 0x0, 0x0)

01:36:37 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 64)
listen(r0, 0x0) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="77aaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0x1, 0x3, 0x31ed8a8c, 0x5}, 0x14)

[  526.393057][T15224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:37 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)

[  526.467939][T15229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:37 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="77aaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0x1, 0x3, 0x31ed8a8c, 0x5}, 0x14)

[  526.515162][T15229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:37 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x5, 0x430380)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r1, {0x4}}, './file0\x00'})
setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000200)=0x9, 0x4)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x4, 0x9c3c, 0x7, 0x5, 0x8]}, &(0x7f0000000140)=0x78)

[  526.577605][T15240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:37 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  526.654237][T15235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:37 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 1)

[  526.801646][T15250] FAULT_INJECTION: forcing a failure.
[  526.801646][T15250] name failslab, interval 1, probability 0, space 0, times 0
[  526.815434][T15250] CPU: 1 PID: 15250 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  526.825939][T15250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  526.836109][T15250] Call Trace:
[  526.839382][T15250]  <TASK>
[  526.846838][T15250]  dump_stack_lvl+0xcd/0x134
[  526.851449][T15250]  should_fail.cold+0x5/0xa
[  526.855979][T15250]  should_failslab+0x5/0x10
[  526.860494][T15250]  kmem_cache_alloc_bulk+0x4b/0x720
[  526.865694][T15250]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[  526.871522][T15250]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  526.877768][T15250]  io_submit_sqes.cold+0x1b9/0x3f2
[  526.882978][T15250]  ? __mutex_lock+0x21a/0x12f0
[  526.887765][T15250]  ? find_held_lock+0x2d/0x110
[  526.892543][T15250]  ? io_apoll_task_func+0x270/0x270
[  526.897967][T15250]  ? __do_sys_io_uring_enter+0x43e/0x21d0
[  526.903682][T15250]  ? lock_downgrade+0x6e0/0x6e0
[  526.908553][T15250]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  526.914473][T15250]  __do_sys_io_uring_enter+0x119b/0x21d0
[  526.920112][T15250]  ? io_submit_sqes+0x98b0/0x98b0
[  526.925135][T15250]  ? find_held_lock+0x2d/0x110
[  526.929915][T15250]  ? __context_tracking_exit+0xb8/0xe0
[  526.935369][T15250]  ? lock_downgrade+0x6e0/0x6e0
[  526.940231][T15250]  ? lock_downgrade+0x6e0/0x6e0
[  526.945176][T15250]  ? syscall_enter_from_user_mode+0x21/0x70
[  526.951068][T15250]  do_syscall_64+0x35/0xb0
[  526.955500][T15250]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  526.961408][T15250] RIP: 0033:0x7fb48a0890e9
[  526.965829][T15250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  526.985696][T15250] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  526.994115][T15250] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  527.002076][T15250] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  527.010037][T15250] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  527.018002][T15250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.025978][T15250] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  527.033951][T15250]  </TASK>
01:36:38 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 1)

01:36:38 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:38 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 2)

01:36:38 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:38 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x1a}, 0x0, 0x0)

01:36:38 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x1d}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  527.358399][T15256] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:38 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  527.412082][T15260] FAULT_INJECTION: forcing a failure.
[  527.412082][T15260] name failslab, interval 1, probability 0, space 0, times 0
[  527.450972][T15259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  527.461922][T15260] CPU: 0 PID: 15260 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  527.472465][T15260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  527.482612][T15260] Call Trace:
[  527.485892][T15260]  <TASK>
[  527.488819][T15260]  dump_stack_lvl+0xcd/0x134
[  527.493540][T15260]  should_fail.cold+0x5/0xa
[  527.498043][T15260]  should_failslab+0x5/0x10
[  527.502551][T15260]  kmem_cache_alloc_bulk+0x4b/0x720
[  527.507764][T15260]  io_submit_sqes.cold+0x1b9/0x3f2
[  527.512894][T15260]  ? find_held_lock+0x2d/0x110
[  527.517781][T15260]  ? io_apoll_task_func+0x270/0x270
[  527.522991][T15260]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  527.528793][T15260]  __do_sys_io_uring_enter+0x119b/0x21d0
[  527.534554][T15260]  ? io_submit_sqes+0x98b0/0x98b0
[  527.539579][T15260]  ? find_held_lock+0x2d/0x110
[  527.544338][T15260]  ? __context_tracking_exit+0xb8/0xe0
[  527.549798][T15260]  ? lock_downgrade+0x6e0/0x6e0
[  527.554649][T15260]  ? lock_downgrade+0x6e0/0x6e0
[  527.560104][T15260]  ? syscall_enter_from_user_mode+0x21/0x70
[  527.565995][T15260]  do_syscall_64+0x35/0xb0
[  527.570621][T15260]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  527.576505][T15260] RIP: 0033:0x7fb48a0890e9
[  527.581002][T15260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  527.600612][T15260] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
01:36:38 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10) (async, rerun: 64)
listen(r0, 0x0) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  527.609021][T15260] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  527.616978][T15260] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  527.624947][T15260] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  527.632912][T15260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.640869][T15260] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  527.648834][T15260]  </TASK>
01:36:38 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x1e}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  527.663489][T15259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  527.702150][T15263] FAULT_INJECTION: forcing a failure.
[  527.702150][T15263] name failslab, interval 1, probability 0, space 0, times 0
[  527.717014][T15263] CPU: 0 PID: 15263 Comm: syz-executor.2 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  527.727552][T15263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  527.737619][T15263] Call Trace:
[  527.740883][T15263]  <TASK>
[  527.743820][T15263]  dump_stack_lvl+0xcd/0x134
[  527.748409][T15263]  should_fail.cold+0x5/0xa
[  527.752911][T15263]  should_failslab+0x5/0x10
[  527.757407][T15263]  kmem_cache_alloc_bulk+0x4b/0x720
[  527.762597][T15263]  ? io_submit_sqes+0x75b7/0x98b0
[  527.767612][T15263]  io_submit_sqes.cold+0x1b9/0x3f2
[  527.772728][T15263]  ? __mutex_lock+0x21a/0x12f0
[  527.777501][T15263]  ? find_held_lock+0x2d/0x110
[  527.782261][T15263]  ? io_apoll_task_func+0x270/0x270
[  527.787452][T15263]  ? __do_sys_io_uring_enter+0x43e/0x21d0
[  527.793164][T15263]  ? lock_downgrade+0x6e0/0x6e0
[  527.798033][T15263]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  527.803861][T15263]  __do_sys_io_uring_enter+0x119b/0x21d0
[  527.809500][T15263]  ? io_submit_sqes+0x98b0/0x98b0
[  527.814634][T15263]  ? find_held_lock+0x2d/0x110
[  527.819403][T15263]  ? __context_tracking_exit+0xb8/0xe0
[  527.824877][T15263]  ? lock_downgrade+0x6e0/0x6e0
[  527.829757][T15263]  ? lock_downgrade+0x6e0/0x6e0
[  527.834623][T15263]  ? syscall_enter_from_user_mode+0x21/0x70
[  527.840520][T15263]  do_syscall_64+0x35/0xb0
[  527.844936][T15263]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  527.850833][T15263] RIP: 0033:0x7f71436890e9
[  527.855255][T15263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  527.875399][T15263] RSP: 002b:00007f71425fe168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  527.884489][T15263] RAX: ffffffffffffffda RBX: 00007f714379c030 RCX: 00007f71436890e9
[  527.892469][T15263] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  527.900440][T15263] RBP: 00007f71425fe1d0 R08: 0000000000000000 R09: 0200000000000000
01:36:38 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
writev(r1, &(0x7f0000001440)=[{&(0x7f0000000040)="1d9805ecacaa8613162b969af43adc52157a4177c05e6e216c3e578acfeb89d29e1d3d95d368391e506d64e1ac8950ee16743e7bc14a5fba6b19d8f231dd4f3c492ebbf692d4823f134e732571f72c68ae5ed725fa3d9a8983597e32cad2d01b9b594ddd16ae81aef36d9c7e46b16b8d050531751bcf25e33d61e1c2b1564e7cebcf836c0fd2470489e817bab14bdd703bc7f43750cc57f6", 0x98}, {&(0x7f0000000100)="35c802c13c5dc2eb145b1deb59bcffbfd8d5968306fc2c5bc9b7bc8a9b0022c14e6b67c1358c225fd2702a3c5d537fabea9ef4c9e3c367e34d007a2acd4d6ba9062b663a9ce90d1bb3a66a21d785b01b9bdff3a83b97c0ba6b6228edcde6bfec22a376b62848cbcd18e7ddca6f17f1e9629defaf2b0ccdf5025436ba4607ac48aa18dd979025c109ac4c96becdedaf22dc4b0e32ad9068bd9e", 0x99}, {&(0x7f00000001c0)="aad43d66fc5b0927bfa2d0a0d53f985c706d8dc568a4e021b11ed06d900ac598b3df069ed3fca481e86432125ace1da23ef4fea3ba9538a8c2602bb9020f80f113a6252c425e2bce1f6127d087366377b554a15553dd92f30a8d02f9660aa553add4be09e9033c48793dffeeafb5868ace41539e284be36c809b361249fa30e48c4908b092862df0a4baca418d9012c31080d4020034e7c2ab6e48a5512da874439760ed0c21906f41ca800bf9fbf181cdf32daed8079823f9773b79a797eb8974d0e7b096d459fae44d89cb6cced5f92735f012f07f44eaa393e2a33c8d9cc2bd616d4cd1b2", 0xe6}, {&(0x7f00000002c0)="ea711117fa3d71cb43c4d951cad0d1b4fbf3e74165fc452bb4802096528ef2bd7f69a5ae842d6835985858ef0c7e2106008d9f218f9fa261c03917483877783e4923bc1a3b91d9aede75a1930dd9f79763a5a9d2b83c3f0f7d4b8972a61f0a46df9dc18c6b489e42810b07d8cbae1ae594a0a291d2951de2ce2d9387302cce3d3949f88c3a8de567fc47e4", 0x8b}, {&(0x7f0000000400)="a4f7d81424e9ed4f100e27c08568fa1bff08dae81429f77cdfd7f9e687f643f1bbf5aaec405c5db6f600716296b456", 0x2f}, {&(0x7f0000000440)="7bf2b5b52374adfd2bae1b9e57ff00aa08bfb85bc552e8b5518c6276dac8d481bc624fd5c58345457490bf862d585ff711a95283285870fa49f63e7e57407a77c6f2b51367c9f9153d0d57eac57c84c8f2cdbe1291250abf37edca05b7046dbac217a78dab87d3cbdbd01c0089fac9897e39d507d671fa4ff4857bfb66c3a769d1cea586fe590fba52aa9cb538e7a2850b3f251050f6d7e05b2720b970a5691d586c51f569770a2cbe9f28d481d9cc9bae9d3cabb351f37380e80762e2f26ebcb53475e2292f068b6f9495386752deec0da6da0351d340c56d9b1be11f63180829ea6ff2078f8e040dcb7a1aa0a3dd5f3393eb23a9e98f85fd2528e52212111d1d7a7476c0d46b4aa1c7b573464a8df0b17458c05a772281bc35981edaa0793ea9f66e6de250202908efb5ad5a464970b7cfac4a06a90f8f4e242246b31dfd1ac15236e395eb68f0ce4cf673651aece8c06b44e2bcdb0d91752a19797b35bd4f48fdc6b90412f2fdece5c5d29edbfee4f63bbe3f7934fba4b28b66f15983df17124aa6a3ddcf982f3f0775fa4050663a4c740a3223c11770279f7b4f563d738df61d56204ec2c21ba43579ea8a415965103faeb7f1afa2beadde367a6273964b04544bc0d81b878ccbd8d714e104f86e4955560582cc90c6c587ddcdb0df902810cac115942a821f3a0f2e29ba17fa7baed2bd282f469e0c50963e203aabe9bdfcf420576c482b119104fef4943df7a6bec00b460cdeb73a78354fe6a01588c63aaa00934e40de1fc9a1b07a4d7f975152cee05bbdf35f48e98e58b0c9594e2358ccf8a3c6e5810876d51b66386f13a70602af94998cecda5365004df6c8c967db7520675669d9384090c971797cdfc50e00598c0cecc7448a4f5ca09a725cba47461183c2be7a703472119349b97af0c065cdcefb4dcae2257e85cd3bbac72d2d028871fc1cd6547e7f8940cbdb05665ab430e8455881f9086f3b31eff7fc1c7cb8cd593ec57a7e8ecadfbf742cfc1585d95c2131d26a7b1146d43ed7886eca3cefdc545e9187e371623d15b552649c6735db120c6c0add475ac89fce243453e8ffc8279f39735dac786bbff90647985a399fd3a960bbabf99967e0e602f9acda33a33576126927ce0d6db6387e01966d14ad52678e054bbbe583d0de6587c03cc2c1e7eb4cf86c1464a9f953a7b982b744efa28d566b7e2e9ebb3e784a8c31217b786f6905d68ea209d8479784b97adb34367bde79ea966ed9aea411f2ba89bc7d6e3cdc2d15d0343ffdb7e6e3e21489f390172dd24dc89456b9c5b146d33c42f74863ba643e982e1bf1eae827a3879971e4444d09ae4c7f97f90575882a4e64216e34fa37556ddecd41d90deddcf2583bf7468e3a692c0af5bb384353430f5f2b7c39f1ca02aa828741148e3ec2bb3f4722ff157502ae82ecb1935328df5bbabe5529d4ce87af13c14553e1288a459396b7bad642f8213ce2f3ce3390524beca6f978ef30ec8784d1ad48e4df7143023039250106d92faeabdb1d95c9a711602f2a427de9ae405aea0e3ee7d9e13593f9eaf12e8a5848025285e3a53d64b576d89c5ceab867fc832c924f7b6ff04af12cc2854d20404ec3f1ef795c1f4af324dcc884bbbc98b4371e53fc23a8430c589cd92b2f3c76ff5e8df0c61035073be0829757fcaedbc39db0bcf135c5edda3ef18be2efa73e91fe2f69e7b2b18f7efdb9d83bad2642eedd48087281554e384fbdad7b20c27ce0bc3b6edc4b69a8243969bfba0508aa9e9e1c8905f2be4404742cfa7886bbac272907547ccf556cf0bdc7b91f1cecca802e0c2c7d6f588f3a0feaa69b8155c8901f4ef2344bdd4407fd60f0f57f50c087ec1ba268fa30a5d82549c82b4b5aacfdce580f85d153a9ae33de8597b789ea4a91ecc19070fa660e473b4136af88c7f59b2389dd621c2dc9355b218a2aa1e704c16d127feaecd5bfef16ac45bca5646195ea0d7952741cca7e95623898b7470f5c30a728f85eb6b808d22f2f13c1085399baef3262ab6980ce1a83c47827a88a630787436dc9b8bf80d02425ae672d096259ee343cc1f60f55b761f4e7c635e19bd676006c6c2b6bb33435b7b498bdb0c78ced19643bdf0ab5bdfa8aa93693b01fb9f255c02e7d3218ca80ec8c53d13ef458e13b4bc6fb87fbbc8fb4ddc554da431af23ca473dd0561a10b0628ca3849182711a20599a7f35b7e1ea1d3d7c2a75e6127ff2227d09c42f4a77f2fe97dca7ca754e5bb3e3f0503a282b9f54d052f840f6d9dc4930ee8f555dd9b0dba376c37438014b9505520cd9d6515053737dab6e0766a05ec61c060ec16f7cc23c324e7b43c46103c38c265e88f9c76a82ce9324333f258c4b81efbb7ba643e72e6f6ba374e3df29f7016e73215ac19c101633ea7f8d70c43e1fc7ab90bb24fd070abdde9eb2c80d17f2e981c2c0ede1664b036f5a969a42c0ce83c173dae152814f8d28b50d320b66050487bb8f1744d4cf4cf1b8810c2a84838a68fe929c61f36f23d1080038ac86a5eb4b0217d9b67166fefb149170039a13a79879e7e5c1c57520aac02a4ee33f2dbbf3adcb82d6bb81592209a93f854d1f6b108f93f644fb77fe2cc3d7369ca4c090602aeac87da871ce606ac46a40042b332fe1b0975a1742e37d98c3df33084cbafae74fa87d83b667963c0ef6d488a650a7338e66acdc75729a915c1484af35e2150e295488caaaf3f891c3676b5145e0b2d13daf623a6fa4141c804450172ebfd804f72ed28bc78e27cc7bf3758adb7522869c434e0b69c87c7855bf3390d17589b43365437d53119f068d51956916e454462e8b44277fa9b446ffbdec1f78b7d9e50d5655d3771297ab44832d66f682377aaccb27ca1e5afbf4deabc2b2817522a5361516faa9afac453edcd4288ea2ed8d5cfe5c87179c8dde685d8f748f7f1da7c864491fdf22980ad6e101a9fa50ff4f29151ea1c80a27f3afeced75e87b4ab93a375f700d739d521fea2e7fc64d387ee3aff59197c74c841f80d9f873e70c2b3f8cec97cb849291630b0d135e56dbbb59dc4c022538e8b06c688143ce6e328150bbe2d7425b850a937e919e73653c9d0117fc6562757946fd875b6bb18008ee70927fb522b0aafde8c9853ea6840da1b5d2d2595f3bc6291810f8d787b54b73e6ffc6cbb6d7dfd328a4854fa6d036e930f59175bbce6553678125218f657d5e0d991e12ba93dcf36c7bf96dff24238028e474c54f2a878b7a6e7a2ed579b3824c38db4dfdf8da8965a2e9d28a2d05ddca332c11b8883e5f1d4bf4d7120075ae6b3e64979a86f71468bb2e5e0850f2e8892af5989cf7d7954ce25716be720c8e666df9ddfec9b2a90fca7170f05169dd559c2ace93de7b9d8acc60c45b014f5048aa216c8082ebedf4232aed900c50e400f14261c86654bcd0564a2acf4204a74e2087cd6b473281efe1a5a0beeefdd68795a75ad57f2f6c412023522ed38017557eb07e33d2d04db13d8b769ed161b985cab9c2a890596ecd2bd1c1f9a16b5d4a235688b0f577c51feca9af283ef8d9ea83cc4c3e51692bf7ad43cb31cbee604db9c03c79b46028cad2e27b024246bafd7fc38dc6dea06d37cc93282dc7292abefb704c4376e7037eefe955a3f8005fd58a4445167a7120489933bb4803d149330da07f33578ebba0b2a50bbb7656a439bf65d4415ecde6d244ca9705d235f04eeefe6cbb34931c186a595d98e5ecb9498e280838fabe9154c28d02e61306aff27c96d46e3023ba7a5ee4ef77389eac5e952149090e51443b83a7ba5cadb429585a01118460713b9de1f0347bce812dbc5cd25fc7833ae27edd679e1bf998280dd705a4de62c13f466faff9af674273c75b1048357056ffce8b260f6d9afca146726285473b21bc79da3f2028c55cc52996358bb199a5e43da130680d6ab04985cd6b1e97c35c0caa993bc7206e58ef784a2f22a1e2fb5db0163ea40b0b30c74d6d34e64e61dc9936cd0b49ac2b78eefd8154df8819a00f2467c7710aff7be74f9c460b2ce65d99d4cde8da9b8efd124ec4836c4d98baf64cd5d4347138c4643d57c220682e423a62dbb2b9cb39626ee4b3a43d8742b01d8a92992ec74c6828e224dc2601138414344e95073ffbf0d0e31e9e5f5c9c9f40f67f2606effce709dab33ccbdff022b9ff69d1a00b5f963d444df2ae196bf5ce1df4f8aeb6884ce78bb62ad1198a2c3abce04e57ff85d6fdc438a5a9835a004c0ba723fb0afec79b1df8b790db215e5b12f978b61bbe8f0d9288d43afbabe80202c404fe623d6caaf5b15390c2f41b95d5e341ef46fb3147ef2d28308dc72f9d3cddfb6a9aa075ae6e38b853058220ac8b4b9cdd756cc4b691f72fdd8697d0a9b5089ef4eb1788c302540a05c4ffeecfebce16efaff3c9566b1bd8845c9612454728891aa689ef3acc0f00fd20adc175c92f40e686c7e3b1d3f0d5890f189b89f6f5f3d080e454116a64fff7b47e562efd63e83d26c7ac4db33679e2907233ccbd6809ed1b013523ee939dd1a6eb583ff3ab7ae18d469110b940878e1aade6f50eb9f0e782314fd52c32babdd2bc781e387742918493319675b3ce53cbc81b80fd39f3347af635c97a5b0d03e9b7047a9ae096ab33999b16303f31b09f2c6599debaa3d563cfe7e76793aa589b6cd785f4030880ccf36b28f7c8012b140dd68a733d816dd8ef234f2ee4d1f6934f06660cdcc7aad1ed244d097e80fdc36c71ff37a14afa78720e0b29048c7718b8544a73f438b7ca47dcb25947dfcb9f7ae41c612c36244a604d4f13c63a7047b892ccee82efb978ff796784eb21a2d01c0b819c07c34bf1b78f312f18e723fadba1c247023fa00c09c351a2bf347801548d7a96c4e4e33c92aeebda093196d8ee1c189a9642956c082373f861ffeb7a51d19515d7effc1a41aace688b60ffac5cd849c0c173cc10f4a02488c07031f092c9f2b0c1a609edfccc23bb51e9cf775fec4fcf924123206bc718e818aa699078f80af9c0f776981aa375d97d0b11b0b1e66503b06abf250a0d2c356a31c3c4913af57afca1bf0909eaf6ef12991ab54048937ab18570f3afece777c49e6550a39b021d20d7d29999783235b11f5c1f21b784e8a06766b9078fa093fd3f7822f0ba670e88f29ae536e2c263bcd8a2bfbb00ba0fa30b7d1f8ba82c7c4c06b8476755cf9ad9fd7a59feade7a03d4e372500c886cd28d548b8b67e11385ee67dcbcb8566dad5f72ac784dcd5a5bcb50977e0146948bda484e6f5f91a07b28d8e2ceb33533123a0f92f5b42ef72f96f10994bd7aac456be66c40e037ecf4e04600837e6df4fc49204a065160a8988b834b046b1c766990eccd18a3a8f5a35348a31ab2c99b7c97f5c34558fa5ac85ea5144e8b8fba674a274cd292b5cb650fb15bf97b6f51f04a7ecf064df296ee01804703cbf636ccd8e36524aa060aaad7664d2c0d145cd6de600772979674284c8781c552e35f2a3dc1b7c34bfa8717771ae8884cb964f9c75cb3690eee7344e55dad4fa86be7a1709bf9e405fea9a64e7fca0964573e78110e46c42cac7015e42aa074ddd52ac6274cf577e3ba766313b0193a6fff03818235dbac6c19715b4c5ff261016096b039dc172a447261d857854745bfc75957ed1fef524451ce03232c536bfb821d610dd19e898b2c7daa4ac3f3c94cd63a29792a02e434f2287b6620f4bba0a2dd18f74ae0e73c6b8b9cdf0b9893dc1588c5b8c3b6f707614889bcc1d685dc3c7200a6eeb6457d98817ac7154a3268dcec39660ccc66", 0x1000}], 0x6)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690781a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000890780000"], 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100100)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f00000014c0)={{r3}, 0x0, 0xe, @unused=[0xfa, 0xffff, 0x6, 0xd717], @subvolid})

01:36:38 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  527.908409][T15263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.916368][T15263] R13: 00007f7143ccfb1f R14: 00007f71425fe300 R15: 0000000000022000
[  527.924348][T15263]  </TASK>
[  527.972921][T15273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:38 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 1)

[  528.261357][T15280] FAULT_INJECTION: forcing a failure.
[  528.261357][T15280] name failslab, interval 1, probability 0, space 0, times 0
[  528.281726][T15280] CPU: 1 PID: 15280 Comm: syz-executor.1 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  528.292261][T15280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  528.302318][T15280] Call Trace:
[  528.305588][T15280]  <TASK>
[  528.308519][T15280]  dump_stack_lvl+0xcd/0x134
[  528.313103][T15280]  should_fail.cold+0x5/0xa
[  528.317601][T15280]  should_failslab+0x5/0x10
[  528.322093][T15280]  kmem_cache_alloc_bulk+0x4b/0x720
[  528.327279][T15280]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[  528.333079][T15280]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  528.339322][T15280]  io_submit_sqes.cold+0x1b9/0x3f2
[  528.344457][T15280]  ? __mutex_lock+0x21a/0x12f0
[  528.349239][T15280]  ? find_held_lock+0x2d/0x110
[  528.354033][T15280]  ? io_apoll_task_func+0x270/0x270
[  528.359246][T15280]  ? __do_sys_io_uring_enter+0x43e/0x21d0
[  528.365044][T15280]  ? lock_downgrade+0x6e0/0x6e0
[  528.369893][T15280]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  528.375684][T15280]  __do_sys_io_uring_enter+0x119b/0x21d0
[  528.381316][T15280]  ? io_submit_sqes+0x98b0/0x98b0
[  528.386329][T15280]  ? find_held_lock+0x2d/0x110
[  528.391093][T15280]  ? __context_tracking_exit+0xb8/0xe0
[  528.396540][T15280]  ? lock_downgrade+0x6e0/0x6e0
[  528.401383][T15280]  ? lock_downgrade+0x6e0/0x6e0
[  528.406235][T15280]  ? syscall_enter_from_user_mode+0x21/0x70
[  528.412120][T15280]  do_syscall_64+0x35/0xb0
[  528.416534][T15280]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  528.422416][T15280] RIP: 0033:0x7f734ee890e9
[  528.426818][T15280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  528.446413][T15280] RSP: 002b:00007f734ffe5168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
01:36:39 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:39 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff)
writev(r1, &(0x7f0000001440)=[{&(0x7f0000000040)="1d9805ecacaa8613162b969af43adc52157a4177c05e6e216c3e578acfeb89d29e1d3d95d368391e506d64e1ac8950ee16743e7bc14a5fba6b19d8f231dd4f3c492ebbf692d4823f134e732571f72c68ae5ed725fa3d9a8983597e32cad2d01b9b594ddd16ae81aef36d9c7e46b16b8d050531751bcf25e33d61e1c2b1564e7cebcf836c0fd2470489e817bab14bdd703bc7f43750cc57f6", 0x98}, {&(0x7f0000000100)="35c802c13c5dc2eb145b1deb59bcffbfd8d5968306fc2c5bc9b7bc8a9b0022c14e6b67c1358c225fd2702a3c5d537fabea9ef4c9e3c367e34d007a2acd4d6ba9062b663a9ce90d1bb3a66a21d785b01b9bdff3a83b97c0ba6b6228edcde6bfec22a376b62848cbcd18e7ddca6f17f1e9629defaf2b0ccdf5025436ba4607ac48aa18dd979025c109ac4c96becdedaf22dc4b0e32ad9068bd9e", 0x99}, {&(0x7f00000001c0)="aad43d66fc5b0927bfa2d0a0d53f985c706d8dc568a4e021b11ed06d900ac598b3df069ed3fca481e86432125ace1da23ef4fea3ba9538a8c2602bb9020f80f113a6252c425e2bce1f6127d087366377b554a15553dd92f30a8d02f9660aa553add4be09e9033c48793dffeeafb5868ace41539e284be36c809b361249fa30e48c4908b092862df0a4baca418d9012c31080d4020034e7c2ab6e48a5512da874439760ed0c21906f41ca800bf9fbf181cdf32daed8079823f9773b79a797eb8974d0e7b096d459fae44d89cb6cced5f92735f012f07f44eaa393e2a33c8d9cc2bd616d4cd1b2", 0xe6}, {&(0x7f00000002c0)="ea711117fa3d71cb43c4d951cad0d1b4fbf3e74165fc452bb4802096528ef2bd7f69a5ae842d6835985858ef0c7e2106008d9f218f9fa261c03917483877783e4923bc1a3b91d9aede75a1930dd9f79763a5a9d2b83c3f0f7d4b8972a61f0a46df9dc18c6b489e42810b07d8cbae1ae594a0a291d2951de2ce2d9387302cce3d3949f88c3a8de567fc47e4", 0x8b}, {&(0x7f0000000400)="a4f7d81424e9ed4f100e27c08568fa1bff08dae81429f77cdfd7f9e687f643f1bbf5aaec405c5db6f600716296b456", 0x2f}, {&(0x7f0000000440)="7bf2b5b52374adfd2bae1b9e57ff00aa08bfb85bc552e8b5518c6276dac8d481bc624fd5c58345457490bf862d585ff711a95283285870fa49f63e7e57407a77c6f2b51367c9f9153d0d57eac57c84c8f2cdbe1291250abf37edca05b7046dbac217a78dab87d3cbdbd01c0089fac9897e39d507d671fa4ff4857bfb66c3a769d1cea586fe590fba52aa9cb538e7a2850b3f251050f6d7e05b2720b970a5691d586c51f569770a2cbe9f28d481d9cc9bae9d3cabb351f37380e80762e2f26ebcb53475e2292f068b6f9495386752deec0da6da0351d340c56d9b1be11f63180829ea6ff2078f8e040dcb7a1aa0a3dd5f3393eb23a9e98f85fd2528e52212111d1d7a7476c0d46b4aa1c7b573464a8df0b17458c05a772281bc35981edaa0793ea9f66e6de250202908efb5ad5a464970b7cfac4a06a90f8f4e242246b31dfd1ac15236e395eb68f0ce4cf673651aece8c06b44e2bcdb0d91752a19797b35bd4f48fdc6b90412f2fdece5c5d29edbfee4f63bbe3f7934fba4b28b66f15983df17124aa6a3ddcf982f3f0775fa4050663a4c740a3223c11770279f7b4f563d738df61d56204ec2c21ba43579ea8a415965103faeb7f1afa2beadde367a6273964b04544bc0d81b878ccbd8d714e104f86e4955560582cc90c6c587ddcdb0df902810cac115942a821f3a0f2e29ba17fa7baed2bd282f469e0c50963e203aabe9bdfcf420576c482b119104fef4943df7a6bec00b460cdeb73a78354fe6a01588c63aaa00934e40de1fc9a1b07a4d7f975152cee05bbdf35f48e98e58b0c9594e2358ccf8a3c6e5810876d51b66386f13a70602af94998cecda5365004df6c8c967db7520675669d9384090c971797cdfc50e00598c0cecc7448a4f5ca09a725cba47461183c2be7a703472119349b97af0c065cdcefb4dcae2257e85cd3bbac72d2d028871fc1cd6547e7f8940cbdb05665ab430e8455881f9086f3b31eff7fc1c7cb8cd593ec57a7e8ecadfbf742cfc1585d95c2131d26a7b1146d43ed7886eca3cefdc545e9187e371623d15b552649c6735db120c6c0add475ac89fce243453e8ffc8279f39735dac786bbff90647985a399fd3a960bbabf99967e0e602f9acda33a33576126927ce0d6db6387e01966d14ad52678e054bbbe583d0de6587c03cc2c1e7eb4cf86c1464a9f953a7b982b744efa28d566b7e2e9ebb3e784a8c31217b786f6905d68ea209d8479784b97adb34367bde79ea966ed9aea411f2ba89bc7d6e3cdc2d15d0343ffdb7e6e3e21489f390172dd24dc89456b9c5b146d33c42f74863ba643e982e1bf1eae827a3879971e4444d09ae4c7f97f90575882a4e64216e34fa37556ddecd41d90deddcf2583bf7468e3a692c0af5bb384353430f5f2b7c39f1ca02aa828741148e3ec2bb3f4722ff157502ae82ecb1935328df5bbabe5529d4ce87af13c14553e1288a459396b7bad642f8213ce2f3ce3390524beca6f978ef30ec8784d1ad48e4df7143023039250106d92faeabdb1d95c9a711602f2a427de9ae405aea0e3ee7d9e13593f9eaf12e8a5848025285e3a53d64b576d89c5ceab867fc832c924f7b6ff04af12cc2854d20404ec3f1ef795c1f4af324dcc884bbbc98b4371e53fc23a8430c589cd92b2f3c76ff5e8df0c61035073be0829757fcaedbc39db0bcf135c5edda3ef18be2efa73e91fe2f69e7b2b18f7efdb9d83bad2642eedd48087281554e384fbdad7b20c27ce0bc3b6edc4b69a8243969bfba0508aa9e9e1c8905f2be4404742cfa7886bbac272907547ccf556cf0bdc7b91f1cecca802e0c2c7d6f588f3a0feaa69b8155c8901f4ef2344bdd4407fd60f0f57f50c087ec1ba268fa30a5d82549c82b4b5aacfdce580f85d153a9ae33de8597b789ea4a91ecc19070fa660e473b4136af88c7f59b2389dd621c2dc9355b218a2aa1e704c16d127feaecd5bfef16ac45bca5646195ea0d7952741cca7e95623898b7470f5c30a728f85eb6b808d22f2f13c1085399baef3262ab6980ce1a83c47827a88a630787436dc9b8bf80d02425ae672d096259ee343cc1f60f55b761f4e7c635e19bd676006c6c2b6bb33435b7b498bdb0c78ced19643bdf0ab5bdfa8aa93693b01fb9f255c02e7d3218ca80ec8c53d13ef458e13b4bc6fb87fbbc8fb4ddc554da431af23ca473dd0561a10b0628ca3849182711a20599a7f35b7e1ea1d3d7c2a75e6127ff2227d09c42f4a77f2fe97dca7ca754e5bb3e3f0503a282b9f54d052f840f6d9dc4930ee8f555dd9b0dba376c37438014b9505520cd9d6515053737dab6e0766a05ec61c060ec16f7cc23c324e7b43c46103c38c265e88f9c76a82ce9324333f258c4b81efbb7ba643e72e6f6ba374e3df29f7016e73215ac19c101633ea7f8d70c43e1fc7ab90bb24fd070abdde9eb2c80d17f2e981c2c0ede1664b036f5a969a42c0ce83c173dae152814f8d28b50d320b66050487bb8f1744d4cf4cf1b8810c2a84838a68fe929c61f36f23d1080038ac86a5eb4b0217d9b67166fefb149170039a13a79879e7e5c1c57520aac02a4ee33f2dbbf3adcb82d6bb81592209a93f854d1f6b108f93f644fb77fe2cc3d7369ca4c090602aeac87da871ce606ac46a40042b332fe1b0975a1742e37d98c3df33084cbafae74fa87d83b667963c0ef6d488a650a7338e66acdc75729a915c1484af35e2150e295488caaaf3f891c3676b5145e0b2d13daf623a6fa4141c804450172ebfd804f72ed28bc78e27cc7bf3758adb7522869c434e0b69c87c7855bf3390d17589b43365437d53119f068d51956916e454462e8b44277fa9b446ffbdec1f78b7d9e50d5655d3771297ab44832d66f682377aaccb27ca1e5afbf4deabc2b2817522a5361516faa9afac453edcd4288ea2ed8d5cfe5c87179c8dde685d8f748f7f1da7c864491fdf22980ad6e101a9fa50ff4f29151ea1c80a27f3afeced75e87b4ab93a375f700d739d521fea2e7fc64d387ee3aff59197c74c841f80d9f873e70c2b3f8cec97cb849291630b0d135e56dbbb59dc4c022538e8b06c688143ce6e328150bbe2d7425b850a937e919e73653c9d0117fc6562757946fd875b6bb18008ee70927fb522b0aafde8c9853ea6840da1b5d2d2595f3bc6291810f8d787b54b73e6ffc6cbb6d7dfd328a4854fa6d036e930f59175bbce6553678125218f657d5e0d991e12ba93dcf36c7bf96dff24238028e474c54f2a878b7a6e7a2ed579b3824c38db4dfdf8da8965a2e9d28a2d05ddca332c11b8883e5f1d4bf4d7120075ae6b3e64979a86f71468bb2e5e0850f2e8892af5989cf7d7954ce25716be720c8e666df9ddfec9b2a90fca7170f05169dd559c2ace93de7b9d8acc60c45b014f5048aa216c8082ebedf4232aed900c50e400f14261c86654bcd0564a2acf4204a74e2087cd6b473281efe1a5a0beeefdd68795a75ad57f2f6c412023522ed38017557eb07e33d2d04db13d8b769ed161b985cab9c2a890596ecd2bd1c1f9a16b5d4a235688b0f577c51feca9af283ef8d9ea83cc4c3e51692bf7ad43cb31cbee604db9c03c79b46028cad2e27b024246bafd7fc38dc6dea06d37cc93282dc7292abefb704c4376e7037eefe955a3f8005fd58a4445167a7120489933bb4803d149330da07f33578ebba0b2a50bbb7656a439bf65d4415ecde6d244ca9705d235f04eeefe6cbb34931c186a595d98e5ecb9498e280838fabe9154c28d02e61306aff27c96d46e3023ba7a5ee4ef77389eac5e952149090e51443b83a7ba5cadb429585a01118460713b9de1f0347bce812dbc5cd25fc7833ae27edd679e1bf998280dd705a4de62c13f466faff9af674273c75b1048357056ffce8b260f6d9afca146726285473b21bc79da3f2028c55cc52996358bb199a5e43da130680d6ab04985cd6b1e97c35c0caa993bc7206e58ef784a2f22a1e2fb5db0163ea40b0b30c74d6d34e64e61dc9936cd0b49ac2b78eefd8154df8819a00f2467c7710aff7be74f9c460b2ce65d99d4cde8da9b8efd124ec4836c4d98baf64cd5d4347138c4643d57c220682e423a62dbb2b9cb39626ee4b3a43d8742b01d8a92992ec74c6828e224dc2601138414344e95073ffbf0d0e31e9e5f5c9c9f40f67f2606effce709dab33ccbdff022b9ff69d1a00b5f963d444df2ae196bf5ce1df4f8aeb6884ce78bb62ad1198a2c3abce04e57ff85d6fdc438a5a9835a004c0ba723fb0afec79b1df8b790db215e5b12f978b61bbe8f0d9288d43afbabe80202c404fe623d6caaf5b15390c2f41b95d5e341ef46fb3147ef2d28308dc72f9d3cddfb6a9aa075ae6e38b853058220ac8b4b9cdd756cc4b691f72fdd8697d0a9b5089ef4eb1788c302540a05c4ffeecfebce16efaff3c9566b1bd8845c9612454728891aa689ef3acc0f00fd20adc175c92f40e686c7e3b1d3f0d5890f189b89f6f5f3d080e454116a64fff7b47e562efd63e83d26c7ac4db33679e2907233ccbd6809ed1b013523ee939dd1a6eb583ff3ab7ae18d469110b940878e1aade6f50eb9f0e782314fd52c32babdd2bc781e387742918493319675b3ce53cbc81b80fd39f3347af635c97a5b0d03e9b7047a9ae096ab33999b16303f31b09f2c6599debaa3d563cfe7e76793aa589b6cd785f4030880ccf36b28f7c8012b140dd68a733d816dd8ef234f2ee4d1f6934f06660cdcc7aad1ed244d097e80fdc36c71ff37a14afa78720e0b29048c7718b8544a73f438b7ca47dcb25947dfcb9f7ae41c612c36244a604d4f13c63a7047b892ccee82efb978ff796784eb21a2d01c0b819c07c34bf1b78f312f18e723fadba1c247023fa00c09c351a2bf347801548d7a96c4e4e33c92aeebda093196d8ee1c189a9642956c082373f861ffeb7a51d19515d7effc1a41aace688b60ffac5cd849c0c173cc10f4a02488c07031f092c9f2b0c1a609edfccc23bb51e9cf775fec4fcf924123206bc718e818aa699078f80af9c0f776981aa375d97d0b11b0b1e66503b06abf250a0d2c356a31c3c4913af57afca1bf0909eaf6ef12991ab54048937ab18570f3afece777c49e6550a39b021d20d7d29999783235b11f5c1f21b784e8a06766b9078fa093fd3f7822f0ba670e88f29ae536e2c263bcd8a2bfbb00ba0fa30b7d1f8ba82c7c4c06b8476755cf9ad9fd7a59feade7a03d4e372500c886cd28d548b8b67e11385ee67dcbcb8566dad5f72ac784dcd5a5bcb50977e0146948bda484e6f5f91a07b28d8e2ceb33533123a0f92f5b42ef72f96f10994bd7aac456be66c40e037ecf4e04600837e6df4fc49204a065160a8988b834b046b1c766990eccd18a3a8f5a35348a31ab2c99b7c97f5c34558fa5ac85ea5144e8b8fba674a274cd292b5cb650fb15bf97b6f51f04a7ecf064df296ee01804703cbf636ccd8e36524aa060aaad7664d2c0d145cd6de600772979674284c8781c552e35f2a3dc1b7c34bfa8717771ae8884cb964f9c75cb3690eee7344e55dad4fa86be7a1709bf9e405fea9a64e7fca0964573e78110e46c42cac7015e42aa074ddd52ac6274cf577e3ba766313b0193a6fff03818235dbac6c19715b4c5ff261016096b039dc172a447261d857854745bfc75957ed1fef524451ce03232c536bfb821d610dd19e898b2c7daa4ac3f3c94cd63a29792a02e434f2287b6620f4bba0a2dd18f74ae0e73c6b8b9cdf0b9893dc1588c5b8c3b6f707614889bcc1d685dc3c7200a6eeb6457d98817ac7154a3268dcec39660ccc66", 0x1000}], 0x6) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690781a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000890780000"], 0x0) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100100) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff) (async)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f00000014c0)={{r3}, 0x0, 0xe, @unused=[0xfa, 0xffff, 0x6, 0xd717], @subvolid})

01:36:39 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x1b}, 0x0, 0x0)

01:36:39 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 3)

01:36:39 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x21}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  528.454837][T15280] RAX: ffffffffffffffda RBX: 00007f734ef9c030 RCX: 00007f734ee890e9
[  528.462800][T15280] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  528.470756][T15280] RBP: 00007f734ffe51d0 R08: 0000000000000000 R09: 0200000000000000
[  528.478727][T15280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.486697][T15280] R13: 00007f734f4cfb1f R14: 00007f734ffe5300 R15: 0000000000022000
[  528.494683][T15280]  </TASK>
[  528.548032][T15284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.581372][T15287] FAULT_INJECTION: forcing a failure.
[  528.581372][T15287] name failslab, interval 1, probability 0, space 0, times 0
[  528.595052][T15290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.606916][T15284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.619435][T15287] CPU: 1 PID: 15287 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  528.629946][T15287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  528.640006][T15287] Call Trace:
[  528.643270][T15287]  <TASK>
[  528.646187][T15287]  dump_stack_lvl+0xcd/0x134
[  528.650777][T15287]  should_fail.cold+0x5/0xa
[  528.655300][T15287]  should_failslab+0x5/0x10
[  528.659797][T15287]  kmem_cache_alloc_bulk+0x4b/0x720
[  528.665087][T15287]  io_submit_sqes.cold+0x1b9/0x3f2
[  528.670210][T15287]  ? find_held_lock+0x2d/0x110
[  528.674972][T15287]  ? io_apoll_task_func+0x270/0x270
[  528.680187][T15287]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  528.686016][T15287]  __do_sys_io_uring_enter+0x119b/0x21d0
[  528.691690][T15287]  ? io_submit_sqes+0x98b0/0x98b0
[  528.696733][T15287]  ? find_held_lock+0x2d/0x110
[  528.701509][T15287]  ? __context_tracking_exit+0xb8/0xe0
[  528.706964][T15287]  ? lock_downgrade+0x6e0/0x6e0
[  528.711815][T15287]  ? lock_downgrade+0x6e0/0x6e0
[  528.716677][T15287]  ? syscall_enter_from_user_mode+0x21/0x70
[  528.722594][T15287]  do_syscall_64+0x35/0xb0
[  528.727028][T15287]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  528.732921][T15287] RIP: 0033:0x7fb48a0890e9
[  528.737327][T15287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  528.756937][T15287] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  528.765339][T15287] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  528.773500][T15287] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  528.781486][T15287] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  528.789594][T15287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
01:36:39 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454de, 0x7fffffffefff) (async)
writev(r1, &(0x7f0000001440)=[{&(0x7f0000000040)="1d9805ecacaa8613162b969af43adc52157a4177c05e6e216c3e578acfeb89d29e1d3d95d368391e506d64e1ac8950ee16743e7bc14a5fba6b19d8f231dd4f3c492ebbf692d4823f134e732571f72c68ae5ed725fa3d9a8983597e32cad2d01b9b594ddd16ae81aef36d9c7e46b16b8d050531751bcf25e33d61e1c2b1564e7cebcf836c0fd2470489e817bab14bdd703bc7f43750cc57f6", 0x98}, {&(0x7f0000000100)="35c802c13c5dc2eb145b1deb59bcffbfd8d5968306fc2c5bc9b7bc8a9b0022c14e6b67c1358c225fd2702a3c5d537fabea9ef4c9e3c367e34d007a2acd4d6ba9062b663a9ce90d1bb3a66a21d785b01b9bdff3a83b97c0ba6b6228edcde6bfec22a376b62848cbcd18e7ddca6f17f1e9629defaf2b0ccdf5025436ba4607ac48aa18dd979025c109ac4c96becdedaf22dc4b0e32ad9068bd9e", 0x99}, {&(0x7f00000001c0)="aad43d66fc5b0927bfa2d0a0d53f985c706d8dc568a4e021b11ed06d900ac598b3df069ed3fca481e86432125ace1da23ef4fea3ba9538a8c2602bb9020f80f113a6252c425e2bce1f6127d087366377b554a15553dd92f30a8d02f9660aa553add4be09e9033c48793dffeeafb5868ace41539e284be36c809b361249fa30e48c4908b092862df0a4baca418d9012c31080d4020034e7c2ab6e48a5512da874439760ed0c21906f41ca800bf9fbf181cdf32daed8079823f9773b79a797eb8974d0e7b096d459fae44d89cb6cced5f92735f012f07f44eaa393e2a33c8d9cc2bd616d4cd1b2", 0xe6}, {&(0x7f00000002c0)="ea711117fa3d71cb43c4d951cad0d1b4fbf3e74165fc452bb4802096528ef2bd7f69a5ae842d6835985858ef0c7e2106008d9f218f9fa261c03917483877783e4923bc1a3b91d9aede75a1930dd9f79763a5a9d2b83c3f0f7d4b8972a61f0a46df9dc18c6b489e42810b07d8cbae1ae594a0a291d2951de2ce2d9387302cce3d3949f88c3a8de567fc47e4", 0x8b}, {&(0x7f0000000400)="a4f7d81424e9ed4f100e27c08568fa1bff08dae81429f77cdfd7f9e687f643f1bbf5aaec405c5db6f600716296b456", 0x2f}, {&(0x7f0000000440)="7bf2b5b52374adfd2bae1b9e57ff00aa08bfb85bc552e8b5518c6276dac8d481bc624fd5c58345457490bf862d585ff711a95283285870fa49f63e7e57407a77c6f2b51367c9f9153d0d57eac57c84c8f2cdbe1291250abf37edca05b7046dbac217a78dab87d3cbdbd01c0089fac9897e39d507d671fa4ff4857bfb66c3a769d1cea586fe590fba52aa9cb538e7a2850b3f251050f6d7e05b2720b970a5691d586c51f569770a2cbe9f28d481d9cc9bae9d3cabb351f37380e80762e2f26ebcb53475e2292f068b6f9495386752deec0da6da0351d340c56d9b1be11f63180829ea6ff2078f8e040dcb7a1aa0a3dd5f3393eb23a9e98f85fd2528e52212111d1d7a7476c0d46b4aa1c7b573464a8df0b17458c05a772281bc35981edaa0793ea9f66e6de250202908efb5ad5a464970b7cfac4a06a90f8f4e242246b31dfd1ac15236e395eb68f0ce4cf673651aece8c06b44e2bcdb0d91752a19797b35bd4f48fdc6b90412f2fdece5c5d29edbfee4f63bbe3f7934fba4b28b66f15983df17124aa6a3ddcf982f3f0775fa4050663a4c740a3223c11770279f7b4f563d738df61d56204ec2c21ba43579ea8a415965103faeb7f1afa2beadde367a6273964b04544bc0d81b878ccbd8d714e104f86e4955560582cc90c6c587ddcdb0df902810cac115942a821f3a0f2e29ba17fa7baed2bd282f469e0c50963e203aabe9bdfcf420576c482b119104fef4943df7a6bec00b460cdeb73a78354fe6a01588c63aaa00934e40de1fc9a1b07a4d7f975152cee05bbdf35f48e98e58b0c9594e2358ccf8a3c6e5810876d51b66386f13a70602af94998cecda5365004df6c8c967db7520675669d9384090c971797cdfc50e00598c0cecc7448a4f5ca09a725cba47461183c2be7a703472119349b97af0c065cdcefb4dcae2257e85cd3bbac72d2d028871fc1cd6547e7f8940cbdb05665ab430e8455881f9086f3b31eff7fc1c7cb8cd593ec57a7e8ecadfbf742cfc1585d95c2131d26a7b1146d43ed7886eca3cefdc545e9187e371623d15b552649c6735db120c6c0add475ac89fce243453e8ffc8279f39735dac786bbff90647985a399fd3a960bbabf99967e0e602f9acda33a33576126927ce0d6db6387e01966d14ad52678e054bbbe583d0de6587c03cc2c1e7eb4cf86c1464a9f953a7b982b744efa28d566b7e2e9ebb3e784a8c31217b786f6905d68ea209d8479784b97adb34367bde79ea966ed9aea411f2ba89bc7d6e3cdc2d15d0343ffdb7e6e3e21489f390172dd24dc89456b9c5b146d33c42f74863ba643e982e1bf1eae827a3879971e4444d09ae4c7f97f90575882a4e64216e34fa37556ddecd41d90deddcf2583bf7468e3a692c0af5bb384353430f5f2b7c39f1ca02aa828741148e3ec2bb3f4722ff157502ae82ecb1935328df5bbabe5529d4ce87af13c14553e1288a459396b7bad642f8213ce2f3ce3390524beca6f978ef30ec8784d1ad48e4df7143023039250106d92faeabdb1d95c9a711602f2a427de9ae405aea0e3ee7d9e13593f9eaf12e8a5848025285e3a53d64b576d89c5ceab867fc832c924f7b6ff04af12cc2854d20404ec3f1ef795c1f4af324dcc884bbbc98b4371e53fc23a8430c589cd92b2f3c76ff5e8df0c61035073be0829757fcaedbc39db0bcf135c5edda3ef18be2efa73e91fe2f69e7b2b18f7efdb9d83bad2642eedd48087281554e384fbdad7b20c27ce0bc3b6edc4b69a8243969bfba0508aa9e9e1c8905f2be4404742cfa7886bbac272907547ccf556cf0bdc7b91f1cecca802e0c2c7d6f588f3a0feaa69b8155c8901f4ef2344bdd4407fd60f0f57f50c087ec1ba268fa30a5d82549c82b4b5aacfdce580f85d153a9ae33de8597b789ea4a91ecc19070fa660e473b4136af88c7f59b2389dd621c2dc9355b218a2aa1e704c16d127feaecd5bfef16ac45bca5646195ea0d7952741cca7e95623898b7470f5c30a728f85eb6b808d22f2f13c1085399baef3262ab6980ce1a83c47827a88a630787436dc9b8bf80d02425ae672d096259ee343cc1f60f55b761f4e7c635e19bd676006c6c2b6bb33435b7b498bdb0c78ced19643bdf0ab5bdfa8aa93693b01fb9f255c02e7d3218ca80ec8c53d13ef458e13b4bc6fb87fbbc8fb4ddc554da431af23ca473dd0561a10b0628ca3849182711a20599a7f35b7e1ea1d3d7c2a75e6127ff2227d09c42f4a77f2fe97dca7ca754e5bb3e3f0503a282b9f54d052f840f6d9dc4930ee8f555dd9b0dba376c37438014b9505520cd9d6515053737dab6e0766a05ec61c060ec16f7cc23c324e7b43c46103c38c265e88f9c76a82ce9324333f258c4b81efbb7ba643e72e6f6ba374e3df29f7016e73215ac19c101633ea7f8d70c43e1fc7ab90bb24fd070abdde9eb2c80d17f2e981c2c0ede1664b036f5a969a42c0ce83c173dae152814f8d28b50d320b66050487bb8f1744d4cf4cf1b8810c2a84838a68fe929c61f36f23d1080038ac86a5eb4b0217d9b67166fefb149170039a13a79879e7e5c1c57520aac02a4ee33f2dbbf3adcb82d6bb81592209a93f854d1f6b108f93f644fb77fe2cc3d7369ca4c090602aeac87da871ce606ac46a40042b332fe1b0975a1742e37d98c3df33084cbafae74fa87d83b667963c0ef6d488a650a7338e66acdc75729a915c1484af35e2150e295488caaaf3f891c3676b5145e0b2d13daf623a6fa4141c804450172ebfd804f72ed28bc78e27cc7bf3758adb7522869c434e0b69c87c7855bf3390d17589b43365437d53119f068d51956916e454462e8b44277fa9b446ffbdec1f78b7d9e50d5655d3771297ab44832d66f682377aaccb27ca1e5afbf4deabc2b2817522a5361516faa9afac453edcd4288ea2ed8d5cfe5c87179c8dde685d8f748f7f1da7c864491fdf22980ad6e101a9fa50ff4f29151ea1c80a27f3afeced75e87b4ab93a375f700d739d521fea2e7fc64d387ee3aff59197c74c841f80d9f873e70c2b3f8cec97cb849291630b0d135e56dbbb59dc4c022538e8b06c688143ce6e328150bbe2d7425b850a937e919e73653c9d0117fc6562757946fd875b6bb18008ee70927fb522b0aafde8c9853ea6840da1b5d2d2595f3bc6291810f8d787b54b73e6ffc6cbb6d7dfd328a4854fa6d036e930f59175bbce6553678125218f657d5e0d991e12ba93dcf36c7bf96dff24238028e474c54f2a878b7a6e7a2ed579b3824c38db4dfdf8da8965a2e9d28a2d05ddca332c11b8883e5f1d4bf4d7120075ae6b3e64979a86f71468bb2e5e0850f2e8892af5989cf7d7954ce25716be720c8e666df9ddfec9b2a90fca7170f05169dd559c2ace93de7b9d8acc60c45b014f5048aa216c8082ebedf4232aed900c50e400f14261c86654bcd0564a2acf4204a74e2087cd6b473281efe1a5a0beeefdd68795a75ad57f2f6c412023522ed38017557eb07e33d2d04db13d8b769ed161b985cab9c2a890596ecd2bd1c1f9a16b5d4a235688b0f577c51feca9af283ef8d9ea83cc4c3e51692bf7ad43cb31cbee604db9c03c79b46028cad2e27b024246bafd7fc38dc6dea06d37cc93282dc7292abefb704c4376e7037eefe955a3f8005fd58a4445167a7120489933bb4803d149330da07f33578ebba0b2a50bbb7656a439bf65d4415ecde6d244ca9705d235f04eeefe6cbb34931c186a595d98e5ecb9498e280838fabe9154c28d02e61306aff27c96d46e3023ba7a5ee4ef77389eac5e952149090e51443b83a7ba5cadb429585a01118460713b9de1f0347bce812dbc5cd25fc7833ae27edd679e1bf998280dd705a4de62c13f466faff9af674273c75b1048357056ffce8b260f6d9afca146726285473b21bc79da3f2028c55cc52996358bb199a5e43da130680d6ab04985cd6b1e97c35c0caa993bc7206e58ef784a2f22a1e2fb5db0163ea40b0b30c74d6d34e64e61dc9936cd0b49ac2b78eefd8154df8819a00f2467c7710aff7be74f9c460b2ce65d99d4cde8da9b8efd124ec4836c4d98baf64cd5d4347138c4643d57c220682e423a62dbb2b9cb39626ee4b3a43d8742b01d8a92992ec74c6828e224dc2601138414344e95073ffbf0d0e31e9e5f5c9c9f40f67f2606effce709dab33ccbdff022b9ff69d1a00b5f963d444df2ae196bf5ce1df4f8aeb6884ce78bb62ad1198a2c3abce04e57ff85d6fdc438a5a9835a004c0ba723fb0afec79b1df8b790db215e5b12f978b61bbe8f0d9288d43afbabe80202c404fe623d6caaf5b15390c2f41b95d5e341ef46fb3147ef2d28308dc72f9d3cddfb6a9aa075ae6e38b853058220ac8b4b9cdd756cc4b691f72fdd8697d0a9b5089ef4eb1788c302540a05c4ffeecfebce16efaff3c9566b1bd8845c9612454728891aa689ef3acc0f00fd20adc175c92f40e686c7e3b1d3f0d5890f189b89f6f5f3d080e454116a64fff7b47e562efd63e83d26c7ac4db33679e2907233ccbd6809ed1b013523ee939dd1a6eb583ff3ab7ae18d469110b940878e1aade6f50eb9f0e782314fd52c32babdd2bc781e387742918493319675b3ce53cbc81b80fd39f3347af635c97a5b0d03e9b7047a9ae096ab33999b16303f31b09f2c6599debaa3d563cfe7e76793aa589b6cd785f4030880ccf36b28f7c8012b140dd68a733d816dd8ef234f2ee4d1f6934f06660cdcc7aad1ed244d097e80fdc36c71ff37a14afa78720e0b29048c7718b8544a73f438b7ca47dcb25947dfcb9f7ae41c612c36244a604d4f13c63a7047b892ccee82efb978ff796784eb21a2d01c0b819c07c34bf1b78f312f18e723fadba1c247023fa00c09c351a2bf347801548d7a96c4e4e33c92aeebda093196d8ee1c189a9642956c082373f861ffeb7a51d19515d7effc1a41aace688b60ffac5cd849c0c173cc10f4a02488c07031f092c9f2b0c1a609edfccc23bb51e9cf775fec4fcf924123206bc718e818aa699078f80af9c0f776981aa375d97d0b11b0b1e66503b06abf250a0d2c356a31c3c4913af57afca1bf0909eaf6ef12991ab54048937ab18570f3afece777c49e6550a39b021d20d7d29999783235b11f5c1f21b784e8a06766b9078fa093fd3f7822f0ba670e88f29ae536e2c263bcd8a2bfbb00ba0fa30b7d1f8ba82c7c4c06b8476755cf9ad9fd7a59feade7a03d4e372500c886cd28d548b8b67e11385ee67dcbcb8566dad5f72ac784dcd5a5bcb50977e0146948bda484e6f5f91a07b28d8e2ceb33533123a0f92f5b42ef72f96f10994bd7aac456be66c40e037ecf4e04600837e6df4fc49204a065160a8988b834b046b1c766990eccd18a3a8f5a35348a31ab2c99b7c97f5c34558fa5ac85ea5144e8b8fba674a274cd292b5cb650fb15bf97b6f51f04a7ecf064df296ee01804703cbf636ccd8e36524aa060aaad7664d2c0d145cd6de600772979674284c8781c552e35f2a3dc1b7c34bfa8717771ae8884cb964f9c75cb3690eee7344e55dad4fa86be7a1709bf9e405fea9a64e7fca0964573e78110e46c42cac7015e42aa074ddd52ac6274cf577e3ba766313b0193a6fff03818235dbac6c19715b4c5ff261016096b039dc172a447261d857854745bfc75957ed1fef524451ce03232c536bfb821d610dd19e898b2c7daa4ac3f3c94cd63a29792a02e434f2287b6620f4bba0a2dd18f74ae0e73c6b8b9cdf0b9893dc1588c5b8c3b6f707614889bcc1d685dc3c7200a6eeb6457d98817ac7154a3268dcec39660ccc66", 0x1000}], 0x6) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690781a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000890780000"], 0x0) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100100)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r3, 0x400454de, 0x7fffffffefff) (async)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f00000014c0)={{r3}, 0x0, 0xe, @unused=[0xfa, 0xffff, 0x6, 0xd717], @subvolid})

[  528.797569][T15287] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  528.805548][T15287]  </TASK>
01:36:39 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x1c}, 0x0, 0x0)

01:36:39 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x22}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:39 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
accept4(r0, 0x0, &(0x7f0000000000), 0x80000)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:39 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 4)

[  529.010430][T15303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.060286][T15307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.097099][T15303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:40 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  529.131281][T15311] FAULT_INJECTION: forcing a failure.
[  529.131281][T15311] name failslab, interval 1, probability 0, space 0, times 0
[  529.175503][T15311] CPU: 1 PID: 15311 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  529.186025][T15311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  529.196102][T15311] Call Trace:
[  529.199398][T15311]  <TASK>
[  529.202345][T15311]  dump_stack_lvl+0xcd/0x134
[  529.206959][T15311]  should_fail.cold+0x5/0xa
[  529.211475][T15311]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  529.217189][T15311]  should_failslab+0x5/0x10
[  529.221690][T15311]  __kmalloc_node+0x75/0x390
[  529.226276][T15311]  memcg_alloc_slab_cgroups+0x8b/0x140
[  529.231730][T15311]  allocate_slab+0x2c9/0x3c0
[  529.236315][T15311]  ___slab_alloc+0x8df/0xf20
[  529.240895][T15311]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  529.246181][T15311]  ? mark_held_locks+0x9f/0xe0
[  529.250943][T15311]  kmem_cache_alloc_bulk+0x21c/0x720
[  529.256226][T15311]  io_submit_sqes.cold+0x1b9/0x3f2
[  529.261356][T15311]  ? find_held_lock+0x2d/0x110
[  529.266125][T15311]  ? io_apoll_task_func+0x270/0x270
[  529.271340][T15311]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  529.277145][T15311]  __do_sys_io_uring_enter+0x119b/0x21d0
[  529.282785][T15311]  ? io_submit_sqes+0x98b0/0x98b0
[  529.287805][T15311]  ? find_held_lock+0x2d/0x110
[  529.292571][T15311]  ? __context_tracking_exit+0xb8/0xe0
[  529.298031][T15311]  ? lock_downgrade+0x6e0/0x6e0
[  529.302892][T15311]  ? lock_downgrade+0x6e0/0x6e0
[  529.307749][T15311]  ? syscall_enter_from_user_mode+0x21/0x70
[  529.313646][T15311]  do_syscall_64+0x35/0xb0
[  529.318064][T15311]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  529.323962][T15311] RIP: 0033:0x7fb48a0890e9
[  529.328370][T15311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  529.347985][T15311] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  529.356413][T15311] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  529.364388][T15311] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  529.372354][T15311] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  529.380327][T15311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.388304][T15311] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  529.396288][T15311]  </TASK>
01:36:40 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x23}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  529.665603][T15316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:40 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2908, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:40 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x1d}, 0x0, 0x0)

01:36:40 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 5)

01:36:40 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
accept4(r0, 0x0, &(0x7f0000000000), 0x80000) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  529.858034][T15318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.890156][T15320] FAULT_INJECTION: forcing a failure.
[  529.890156][T15320] name failslab, interval 1, probability 0, space 0, times 0
[  529.916200][T15320] CPU: 1 PID: 15320 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  529.926734][T15320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  529.936782][T15320] Call Trace:
[  529.940060][T15320]  <TASK>
[  529.941036][T15318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.942994][T15320]  dump_stack_lvl+0xcd/0x134
[  529.957305][T15320]  should_fail.cold+0x5/0xa
[  529.961805][T15320]  should_failslab+0x5/0x10
[  529.966294][T15320]  kmem_cache_alloc_bulk+0x4b/0x720
[  529.971482][T15320]  io_submit_sqes.cold+0x1b9/0x3f2
[  529.976590][T15320]  ? find_held_lock+0x2d/0x110
[  529.981343][T15320]  ? io_apoll_task_func+0x270/0x270
[  529.986538][T15320]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  529.992336][T15320]  __do_sys_io_uring_enter+0x119b/0x21d0
[  529.997964][T15320]  ? io_submit_sqes+0x98b0/0x98b0
[  530.002974][T15320]  ? find_held_lock+0x2d/0x110
[  530.007728][T15320]  ? __context_tracking_exit+0xb8/0xe0
[  530.013174][T15320]  ? lock_downgrade+0x6e0/0x6e0
[  530.018127][T15320]  ? lock_downgrade+0x6e0/0x6e0
[  530.022976][T15320]  ? syscall_enter_from_user_mode+0x21/0x70
[  530.028861][T15320]  do_syscall_64+0x35/0xb0
[  530.033267][T15320]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  530.039146][T15320] RIP: 0033:0x7fb48a0890e9
[  530.043546][T15320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  530.063145][T15320] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  530.071643][T15320] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  530.079677][T15320] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  530.087637][T15320] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  530.095599][T15320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.103556][T15320] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  530.111522][T15320]  </TASK>
01:36:41 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x24}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:41 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 6)

01:36:41 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2908, 0x0, 0x0, 0x0, 0x200000000000000)

[  530.313022][T15329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:41 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x1e}, 0x0, 0x0)

[  530.400242][T15331] FAULT_INJECTION: forcing a failure.
[  530.400242][T15331] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  530.460686][T15331] CPU: 1 PID: 15331 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  530.471224][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  530.481287][T15331] Call Trace:
[  530.484580][T15331]  <TASK>
[  530.487524][T15331]  dump_stack_lvl+0xcd/0x134
[  530.492147][T15331]  should_fail.cold+0x5/0xa
[  530.496682][T15331]  prepare_alloc_pages+0x17b/0x570
[  530.501843][T15331]  __alloc_pages+0x12f/0x500
[  530.506460][T15331]  ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0
[  530.513354][T15331]  ? ___slab_alloc+0x47e/0xf20
[  530.518141][T15331]  alloc_pages+0x1aa/0x310
[  530.522577][T15331]  ? mark_held_locks+0x9f/0xe0
[  530.527370][T15331]  allocate_slab+0x26c/0x3c0
[  530.531992][T15331]  ___slab_alloc+0x8df/0xf20
[  530.536607][T15331]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  530.541930][T15331]  ? mark_held_locks+0x9f/0xe0
[  530.546733][T15331]  kmem_cache_alloc_bulk+0x21c/0x720
[  530.552050][T15331]  io_submit_sqes.cold+0x1b9/0x3f2
[  530.557204][T15331]  ? find_held_lock+0x2d/0x110
[  530.562002][T15331]  ? io_apoll_task_func+0x270/0x270
[  530.567244][T15331]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  530.573071][T15331]  __do_sys_io_uring_enter+0x119b/0x21d0
[  530.578727][T15331]  ? io_submit_sqes+0x98b0/0x98b0
[  530.583763][T15331]  ? find_held_lock+0x2d/0x110
[  530.588637][T15331]  ? __context_tracking_exit+0xb8/0xe0
[  530.594120][T15331]  ? lock_downgrade+0x6e0/0x6e0
[  530.598992][T15331]  ? lock_downgrade+0x6e0/0x6e0
[  530.603867][T15331]  ? syscall_enter_from_user_mode+0x21/0x70
[  530.609777][T15331]  do_syscall_64+0x35/0xb0
[  530.614214][T15331]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  530.620124][T15331] RIP: 0033:0x7fb48a0890e9
[  530.624545][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  530.644239][T15331] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  530.652661][T15331] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  530.660630][T15331] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  530.668591][T15331] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  530.676556][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.684518][T15331] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  530.692502][T15331]  </TASK>
[  530.779482][T15336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  530.810581][T15336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:41 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x25}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:41 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
accept4(r0, 0x0, &(0x7f0000000000), 0x80000)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  530.957638][T15338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:41 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:36:41 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 7)

01:36:42 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x21}, 0x0, 0x0)

[  531.204663][T15347] FAULT_INJECTION: forcing a failure.
[  531.204663][T15347] name failslab, interval 1, probability 0, space 0, times 0
[  531.255185][T15348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  531.276362][T15347] CPU: 0 PID: 15347 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  531.286913][T15347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  531.296980][T15347] Call Trace:
[  531.300248][T15347]  <TASK>
[  531.303164][T15347]  dump_stack_lvl+0xcd/0x134
[  531.307756][T15347]  should_fail.cold+0x5/0xa
[  531.312248][T15347]  should_failslab+0x5/0x10
[  531.316737][T15347]  kmem_cache_alloc_bulk+0x4b/0x720
[  531.321933][T15347]  io_submit_sqes.cold+0x1b9/0x3f2
[  531.327048][T15347]  ? find_held_lock+0x2d/0x110
[  531.331809][T15347]  ? io_apoll_task_func+0x270/0x270
[  531.337003][T15347]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  531.342797][T15347]  __do_sys_io_uring_enter+0x119b/0x21d0
[  531.348426][T15347]  ? io_submit_sqes+0x98b0/0x98b0
[  531.353442][T15347]  ? find_held_lock+0x2d/0x110
[  531.358195][T15347]  ? __context_tracking_exit+0xb8/0xe0
[  531.363735][T15347]  ? lock_downgrade+0x6e0/0x6e0
[  531.368577][T15347]  ? lock_downgrade+0x6e0/0x6e0
[  531.373425][T15347]  ? syscall_enter_from_user_mode+0x21/0x70
[  531.379312][T15347]  do_syscall_64+0x35/0xb0
[  531.383718][T15347]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  531.389626][T15347] RIP: 0033:0x7fb48a0890e9
[  531.394048][T15347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  531.413646][T15347] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  531.422046][T15347] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  531.430008][T15347] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  531.437963][T15347] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  531.445917][T15347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
01:36:42 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x26}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:42 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

[  531.453877][T15347] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  531.461845][T15347]  </TASK>
[  531.496001][T15348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  531.530779][T15352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:42 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 8)

[  531.830663][T15355] FAULT_INJECTION: forcing a failure.
[  531.830663][T15355] name failslab, interval 1, probability 0, space 0, times 0
[  531.848985][T15355] CPU: 0 PID: 15355 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  531.859688][T15355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  531.869903][T15355] Call Trace:
[  531.873196][T15355]  <TASK>
[  531.876132][T15355]  dump_stack_lvl+0xcd/0x134
[  531.880771][T15355]  should_fail.cold+0x5/0xa
[  531.885304][T15355]  should_failslab+0x5/0x10
[  531.889797][T15355]  kmem_cache_alloc_bulk+0x4b/0x720
[  531.894987][T15355]  io_submit_sqes.cold+0x1b9/0x3f2
[  531.900101][T15355]  ? find_held_lock+0x2d/0x110
[  531.904863][T15355]  ? io_apoll_task_func+0x270/0x270
[  531.910096][T15355]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  531.915892][T15355]  __do_sys_io_uring_enter+0x119b/0x21d0
[  531.921521][T15355]  ? io_submit_sqes+0x98b0/0x98b0
[  531.926545][T15355]  ? find_held_lock+0x2d/0x110
[  531.931318][T15355]  ? __context_tracking_exit+0xb8/0xe0
[  531.936788][T15355]  ? lock_downgrade+0x6e0/0x6e0
[  531.941636][T15355]  ? lock_downgrade+0x6e0/0x6e0
[  531.946490][T15355]  ? restore_fpregs_from_fpstate+0xcc/0x1e0
[  531.952441][T15355]  ? syscall_enter_from_user_mode+0x21/0x70
[  531.958809][T15355]  do_syscall_64+0x35/0xb0
[  531.963256][T15355]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  531.969245][T15355] RIP: 0033:0x7fb48a0890e9
[  531.974205][T15355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  531.993927][T15355] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  532.002455][T15355] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  532.010428][T15355] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  532.018398][T15355] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
01:36:42 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x27}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:42 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
setsockopt(r0, 0x401, 0x9, &(0x7f0000000000)="af9d9f967b98bd465cb90d336cc9c279762da79feb9a8562100422b084aac9159673248c5df68183b90945ca396ecd0612357ed0232ede9ff71dcf8b5031e1f722064f98bd50d9692df1afd494efd4a74dadc42fb7eb5df9de2a64c906d8adeae691283fbdae8cf537369999bf50be0a88a9116203ed89c288ef20812f7fd59addc7d740fd7b44060b9c54a686da4be0cdd1c6c535c492ffc7846fe39e89ad7c4a4d25e3c9ded9df8006e8ee746bf061ca09d733ce", 0xb5)

[  532.026357][T15355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.034314][T15355] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  532.042375][T15355]  </TASK>
01:36:42 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x22}, 0x0, 0x0)

01:36:43 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2, 0x0, 0x0, 0x200000000000000)

01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
setsockopt(r0, 0x401, 0x9, &(0x7f0000000000)="af9d9f967b98bd465cb90d336cc9c279762da79feb9a8562100422b084aac9159673248c5df68183b90945ca396ecd0612357ed0232ede9ff71dcf8b5031e1f722064f98bd50d9692df1afd494efd4a74dadc42fb7eb5df9de2a64c906d8adeae691283fbdae8cf537369999bf50be0a88a9116203ed89c288ef20812f7fd59addc7d740fd7b44060b9c54a686da4be0cdd1c6c535c492ffc7846fe39e89ad7c4a4d25e3c9ded9df8006e8ee746bf061ca09d733ce", 0xb5)

[  532.152805][T15359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  532.203713][T15361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
setsockopt(r0, 0x401, 0x9, &(0x7f0000000000)="af9d9f967b98bd465cb90d336cc9c279762da79feb9a8562100422b084aac9159673248c5df68183b90945ca396ecd0612357ed0232ede9ff71dcf8b5031e1f722064f98bd50d9692df1afd494efd4a74dadc42fb7eb5df9de2a64c906d8adeae691283fbdae8cf537369999bf50be0a88a9116203ed89c288ef20812f7fd59addc7d740fd7b44060b9c54a686da4be0cdd1c6c535c492ffc7846fe39e89ad7c4a4d25e3c9ded9df8006e8ee746bf061ca09d733ce", 0xb5)

[  532.278583][T15361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000080)=@in6, 0x80, &(0x7f0000000540)=[{&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f0000000200)=""/213, 0xd5}, {&(0x7f0000000300)=""/110, 0x6e}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/212, 0xd4}], 0x6, &(0x7f00000005c0)=""/199, 0xc7}, 0x101)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e23, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, @in={0x2, 0x4e20, @remote}], 0x58)
syz_emit_ethernet(0xff, &(0x7f0000000700)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @dccp={{0x27, 0x4, 0x2, 0x3c, 0xe9, 0x67, 0x0, 0xf9, 0x21, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x17, 0xe8, [@private=0xa010102, @empty, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}]}, @timestamp_addr={0x44, 0x2c, 0x55, 0x1, 0x2, [{@empty, 0x1f800000}, {@multicast2, 0x4}, {@broadcast, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x8001}, {@multicast1, 0x1}]}, @timestamp_prespec={0x44, 0x1c, 0x6f, 0x3, 0x2, [{@multicast2, 0xfff}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x8}]}, @ra={0x94, 0x4, 0x1}, @noop, @timestamp_addr={0x44, 0x1c, 0x59, 0x1, 0x0, [{@multicast2, 0x3}, {@remote, 0xe3}, {@private=0xa010100, 0x10000}]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}]}}, {{0x4e20, 0x4e22, 0x4, 0x1, 0x0, 0x0, 0x0, 0xa, 0x1, 'Ng`', 0x9, "0e6e80"}, "f0c9cf61ab245544d02ef66a8cdb828fe0ee8c36cc16d6a73a5ce1998deefd7acc8791300f761cdc01afbd57c890aba97a662420a09a33674f1c1d6275"}}}}}, 0x0)

01:36:43 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2, 0x0, 0x0, 0x200000000000000)

01:36:43 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 9)

01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000080)=@in6, 0x80, &(0x7f0000000540)=[{&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f0000000200)=""/213, 0xd5}, {&(0x7f0000000300)=""/110, 0x6e}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/212, 0xd4}], 0x6, &(0x7f00000005c0)=""/199, 0xc7}, 0x101)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e23, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, @in={0x2, 0x4e20, @remote}], 0x58)
syz_emit_ethernet(0xff, &(0x7f0000000700)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @dccp={{0x27, 0x4, 0x2, 0x3c, 0xe9, 0x67, 0x0, 0xf9, 0x21, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x17, 0xe8, [@private=0xa010102, @empty, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}]}, @timestamp_addr={0x44, 0x2c, 0x55, 0x1, 0x2, [{@empty, 0x1f800000}, {@multicast2, 0x4}, {@broadcast, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x8001}, {@multicast1, 0x1}]}, @timestamp_prespec={0x44, 0x1c, 0x6f, 0x3, 0x2, [{@multicast2, 0xfff}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x8}]}, @ra={0x94, 0x4, 0x1}, @noop, @timestamp_addr={0x44, 0x1c, 0x59, 0x1, 0x0, [{@multicast2, 0x3}, {@remote, 0xe3}, {@private=0xa010100, 0x10000}]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}]}}, {{0x4e20, 0x4e22, 0x4, 0x1, 0x0, 0x0, 0x0, 0xa, 0x1, 'Ng`', 0x9, "0e6e80"}, "f0c9cf61ab245544d02ef66a8cdb828fe0ee8c36cc16d6a73a5ce1998deefd7acc8791300f761cdc01afbd57c890aba97a662420a09a33674f1c1d6275"}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000080)=@in6, 0x80, &(0x7f0000000540)=[{&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f0000000200)=""/213, 0xd5}, {&(0x7f0000000300)=""/110, 0x6e}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/212, 0xd4}], 0x6, &(0x7f00000005c0)=""/199, 0xc7}, 0x101) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e23, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, @in={0x2, 0x4e20, @remote}], 0x58) (async)
syz_emit_ethernet(0xff, &(0x7f0000000700)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @dccp={{0x27, 0x4, 0x2, 0x3c, 0xe9, 0x67, 0x0, 0xf9, 0x21, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x17, 0xe8, [@private=0xa010102, @empty, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}]}, @timestamp_addr={0x44, 0x2c, 0x55, 0x1, 0x2, [{@empty, 0x1f800000}, {@multicast2, 0x4}, {@broadcast, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x8001}, {@multicast1, 0x1}]}, @timestamp_prespec={0x44, 0x1c, 0x6f, 0x3, 0x2, [{@multicast2, 0xfff}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x8}]}, @ra={0x94, 0x4, 0x1}, @noop, @timestamp_addr={0x44, 0x1c, 0x59, 0x1, 0x0, [{@multicast2, 0x3}, {@remote, 0xe3}, {@private=0xa010100, 0x10000}]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}]}}, {{0x4e20, 0x4e22, 0x4, 0x1, 0x0, 0x0, 0x0, 0xa, 0x1, 'Ng`', 0x9, "0e6e80"}, "f0c9cf61ab245544d02ef66a8cdb828fe0ee8c36cc16d6a73a5ce1998deefd7acc8791300f761cdc01afbd57c890aba97a662420a09a33674f1c1d6275"}}}}}, 0x0) (async)

01:36:43 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x28}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  532.547406][T15377] FAULT_INJECTION: forcing a failure.
[  532.547406][T15377] name failslab, interval 1, probability 0, space 0, times 0
[  532.578526][T15377] CPU: 0 PID: 15377 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  532.589080][T15377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  532.599585][T15377] Call Trace:
[  532.602954][T15377]  <TASK>
[  532.605899][T15377]  dump_stack_lvl+0xcd/0x134
[  532.610513][T15377]  should_fail.cold+0x5/0xa
[  532.615026][T15377]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  532.620659][T15377]  should_failslab+0x5/0x10
[  532.625279][T15377]  __kmalloc_node+0x75/0x390
[  532.629873][T15377]  memcg_alloc_slab_cgroups+0x8b/0x140
[  532.635360][T15377]  allocate_slab+0x2c9/0x3c0
[  532.639996][T15377]  ___slab_alloc+0x8df/0xf20
[  532.644589][T15377]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  532.649984][T15377]  ? mark_held_locks+0x9f/0xe0
[  532.654906][T15377]  kmem_cache_alloc_bulk+0x21c/0x720
[  532.660808][T15377]  io_submit_sqes.cold+0x1b9/0x3f2
[  532.665927][T15377]  ? find_held_lock+0x2d/0x110
[  532.670691][T15377]  ? io_apoll_task_func+0x270/0x270
[  532.675907][T15377]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  532.681721][T15377]  __do_sys_io_uring_enter+0x119b/0x21d0
[  532.687371][T15377]  ? io_submit_sqes+0x98b0/0x98b0
[  532.692405][T15377]  ? find_held_lock+0x2d/0x110
[  532.697172][T15377]  ? __context_tracking_exit+0xb8/0xe0
[  532.702628][T15377]  ? lock_downgrade+0x6e0/0x6e0
[  532.707477][T15377]  ? lock_downgrade+0x6e0/0x6e0
[  532.712332][T15377]  ? syscall_enter_from_user_mode+0x21/0x70
[  532.718222][T15377]  do_syscall_64+0x35/0xb0
[  532.722648][T15377]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  532.728630][T15377] RIP: 0033:0x7fb48a0890e9
[  532.733040][T15377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  532.752638][T15377] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  532.761043][T15377] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  532.769005][T15377] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  532.776992][T15377] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  532.784954][T15377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
01:36:43 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x23}, 0x0, 0x0)

[  532.792919][T15377] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  532.800951][T15377]  </TASK>
[  532.815199][T15379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000080)=@in6, 0x80, &(0x7f0000000540)=[{&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000180)=""/44, 0x2c}, {&(0x7f0000000200)=""/213, 0xd5}, {&(0x7f0000000300)=""/110, 0x6e}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/212, 0xd4}], 0x6, &(0x7f00000005c0)=""/199, 0xc7}, 0x101) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e23, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, @in={0x2, 0x4e20, @remote}], 0x58) (async)
syz_emit_ethernet(0xff, &(0x7f0000000700)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @dccp={{0x27, 0x4, 0x2, 0x3c, 0xe9, 0x67, 0x0, 0xf9, 0x21, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x17, 0xe8, [@private=0xa010102, @empty, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}]}, @timestamp_addr={0x44, 0x2c, 0x55, 0x1, 0x2, [{@empty, 0x1f800000}, {@multicast2, 0x4}, {@broadcast, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x8001}, {@multicast1, 0x1}]}, @timestamp_prespec={0x44, 0x1c, 0x6f, 0x3, 0x2, [{@multicast2, 0xfff}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x8}]}, @ra={0x94, 0x4, 0x1}, @noop, @timestamp_addr={0x44, 0x1c, 0x59, 0x1, 0x0, [{@multicast2, 0x3}, {@remote, 0xe3}, {@private=0xa010100, 0x10000}]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}]}}, {{0x4e20, 0x4e22, 0x4, 0x1, 0x0, 0x0, 0x0, 0xa, 0x1, 'Ng`', 0x9, "0e6e80"}, "f0c9cf61ab245544d02ef66a8cdb828fe0ee8c36cc16d6a73a5ce1998deefd7acc8791300f761cdc01afbd57c890aba97a662420a09a33674f1c1d6275"}}}}}, 0x0)

[  532.917875][T15388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:43 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e2229235c83171da26613f8781d20577e3c63d42136ec238b3309232f504935177f25e6c42b2274d281de0c259eb39de20d99d7818511f6e395f9d03402000000d6b0cdbe922705b88208577c5de64295844ce1d83f0674e84cf5b2944b7421201768e2d95ec5a10f1f6a677d4afc8ce4059e39ab71b32ef14c2cf99a338ee00326e1e89eaf48919dc5faa68376accf87b47379d31b065aebc0f88a29fadc927b7576d99c477c993650bfba64dcb6a1b2cf05d69cf0e6f9bb5a4b2d615fa0498718c09ff1b48a9dd53bab8165da2135dc87b5d523d5b7a92a22acb9e42f94880f661ce972d91ea285ea6196f18a810acfd6f64866134a5dd800c95aa3d82bda94d63831404aa1f2862b41f386a01c537f2500000043741130a69a01a84a63ea4c3f4fbab15681459cce7d454230b70095a6327e6c0120b2c1950f33d1fb43b73060edc712706913f8069f7f71b9d0bd35825cf0f30d23815500024eda559547b2799ae057a3044f526bfc4cb082ae5f32406010501a25b02f1a3caeee3abbad9cb314d7fdc88a82d6122c581472442fac65ad08a95a9a162647f19688ac0f19f404ad13b7fd2e49c41c21bedc7df390ad36003b13d95e11be12123ade4c122568c308b5a19074031e3e50fb35716c998f67bf55fb7b05da02b73edaaf7628cd2152617a5d1dd1206e7367453269db4d389bd2a773b424499368d7eb762abac78bd109f2af046f8bb26c8c23b4d1ee26a4a2429b6b2e276d5ea11924c73ced2f51fe183d0c1f85213863dbedba79b095e50395c467177be10d98c2bbfc70d9e8ba0e3b5545cdc4963c858c77adcf882591689d65b705b74de0a104f93222bf9475df0e185009f6f7c69a39889b33435a7dc113fa54e5d5ab84713b3c1811f49a748f4ada1804305fd389ad8f210fbd9d0b431585069eb2d90144e9935159d6e615c6eaa4d76e9e348f5b83529290a1d334c82a760164cb760d7ed41a3b0d466d50facdfd3bc75fc5e13fb5e9020c617e6300cff2d3a467c568bbd56321232001fa007ce0df", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:43 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x7, 0x0, 0x0, 0x200000000000000)

[  533.015671][T15388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:44 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x29}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:44 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e2229235c83171da26613f8781d20577e3c63d42136ec238b3309232f504935177f25e6c42b2274d281de0c259eb39de20d99d7818511f6e395f9d03402000000d6b0cdbe922705b88208577c5de64295844ce1d83f0674e84cf5b2944b7421201768e2d95ec5a10f1f6a677d4afc8ce4059e39ab71b32ef14c2cf99a338ee00326e1e89eaf48919dc5faa68376accf87b47379d31b065aebc0f88a29fadc927b7576d99c477c993650bfba64dcb6a1b2cf05d69cf0e6f9bb5a4b2d615fa0498718c09ff1b48a9dd53bab8165da2135dc87b5d523d5b7a92a22acb9e42f94880f661ce972d91ea285ea6196f18a810acfd6f64866134a5dd800c95aa3d82bda94d63831404aa1f2862b41f386a01c537f2500000043741130a69a01a84a63ea4c3f4fbab15681459cce7d454230b70095a6327e6c0120b2c1950f33d1fb43b73060edc712706913f8069f7f71b9d0bd35825cf0f30d23815500024eda559547b2799ae057a3044f526bfc4cb082ae5f32406010501a25b02f1a3caeee3abbad9cb314d7fdc88a82d6122c581472442fac65ad08a95a9a162647f19688ac0f19f404ad13b7fd2e49c41c21bedc7df390ad36003b13d95e11be12123ade4c122568c308b5a19074031e3e50fb35716c998f67bf55fb7b05da02b73edaaf7628cd2152617a5d1dd1206e7367453269db4d389bd2a773b424499368d7eb762abac78bd109f2af046f8bb26c8c23b4d1ee26a4a2429b6b2e276d5ea11924c73ced2f51fe183d0c1f85213863dbedba79b095e50395c467177be10d98c2bbfc70d9e8ba0e3b5545cdc4963c858c77adcf882591689d65b705b74de0a104f93222bf9475df0e185009f6f7c69a39889b33435a7dc113fa54e5d5ab84713b3c1811f49a748f4ada1804305fd389ad8f210fbd9d0b431585069eb2d90144e9935159d6e615c6eaa4d76e9e348f5b83529290a1d334c82a760164cb760d7ed41a3b0d466d50facdfd3bc75fc5e13fb5e9020c617e6300cff2d3a467c568bbd56321232001fa007ce0df", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:44 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 10)

[  533.202102][T15403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:44 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e2229235c83171da26613f8781d20577e3c63d42136ec238b3309232f504935177f25e6c42b2274d281de0c259eb39de20d99d7818511f6e395f9d03402000000d6b0cdbe922705b88208577c5de64295844ce1d83f0674e84cf5b2944b7421201768e2d95ec5a10f1f6a677d4afc8ce4059e39ab71b32ef14c2cf99a338ee00326e1e89eaf48919dc5faa68376accf87b47379d31b065aebc0f88a29fadc927b7576d99c477c993650bfba64dcb6a1b2cf05d69cf0e6f9bb5a4b2d615fa0498718c09ff1b48a9dd53bab8165da2135dc87b5d523d5b7a92a22acb9e42f94880f661ce972d91ea285ea6196f18a810acfd6f64866134a5dd800c95aa3d82bda94d63831404aa1f2862b41f386a01c537f2500000043741130a69a01a84a63ea4c3f4fbab15681459cce7d454230b70095a6327e6c0120b2c1950f33d1fb43b73060edc712706913f8069f7f71b9d0bd35825cf0f30d23815500024eda559547b2799ae057a3044f526bfc4cb082ae5f32406010501a25b02f1a3caeee3abbad9cb314d7fdc88a82d6122c581472442fac65ad08a95a9a162647f19688ac0f19f404ad13b7fd2e49c41c21bedc7df390ad36003b13d95e11be12123ade4c122568c308b5a19074031e3e50fb35716c998f67bf55fb7b05da02b73edaaf7628cd2152617a5d1dd1206e7367453269db4d389bd2a773b424499368d7eb762abac78bd109f2af046f8bb26c8c23b4d1ee26a4a2429b6b2e276d5ea11924c73ced2f51fe183d0c1f85213863dbedba79b095e50395c467177be10d98c2bbfc70d9e8ba0e3b5545cdc4963c858c77adcf882591689d65b705b74de0a104f93222bf9475df0e185009f6f7c69a39889b33435a7dc113fa54e5d5ab84713b3c1811f49a748f4ada1804305fd389ad8f210fbd9d0b431585069eb2d90144e9935159d6e615c6eaa4d76e9e348f5b83529290a1d334c82a760164cb760d7ed41a3b0d466d50facdfd3bc75fc5e13fb5e9020c617e6300cff2d3a467c568bbd56321232001fa007ce0df", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  533.249799][T15405] FAULT_INJECTION: forcing a failure.
[  533.249799][T15405] name failslab, interval 1, probability 0, space 0, times 0
[  533.264486][T15405] CPU: 1 PID: 15405 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  533.275590][T15405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  533.285646][T15405] Call Trace:
[  533.288921][T15405]  <TASK>
[  533.291862][T15405]  dump_stack_lvl+0xcd/0x134
[  533.296484][T15405]  should_fail.cold+0x5/0xa
[  533.301042][T15405]  should_failslab+0x5/0x10
[  533.305564][T15405]  kmem_cache_alloc_bulk+0x4b/0x720
[  533.310795][T15405]  io_submit_sqes.cold+0x1b9/0x3f2
[  533.315954][T15405]  ? find_held_lock+0x2d/0x110
[  533.320757][T15405]  ? io_apoll_task_func+0x270/0x270
[  533.325985][T15405]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  533.331789][T15405]  __do_sys_io_uring_enter+0x119b/0x21d0
[  533.337424][T15405]  ? io_submit_sqes+0x98b0/0x98b0
[  533.342438][T15405]  ? find_held_lock+0x2d/0x110
[  533.347190][T15405]  ? __context_tracking_exit+0xb8/0xe0
[  533.352634][T15405]  ? lock_downgrade+0x6e0/0x6e0
[  533.357480][T15405]  ? lock_downgrade+0x6e0/0x6e0
[  533.362328][T15405]  ? syscall_enter_from_user_mode+0x21/0x70
[  533.368221][T15405]  do_syscall_64+0x35/0xb0
[  533.372628][T15405]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  533.378641][T15405] RIP: 0033:0x7fb48a0890e9
[  533.383044][T15405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  533.402633][T15405] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  533.411029][T15405] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  533.418982][T15405] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  533.426942][T15405] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  533.434899][T15405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  533.442857][T15405] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  533.450845][T15405]  </TASK>
01:36:44 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x24}, 0x0, 0x0)

01:36:44 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x7, 0x0, 0x0, 0x200000000000000)

01:36:44 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = open(&(0x7f0000000180)='./file0\x00', 0x240, 0x50)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'batadv0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000100)="7f0086dd", 0x5e0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @local}, 0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@bridge_newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x8, 0x1a, 0x8}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}, @NDA_DST_IPV4={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x38}}, @NDA_PROTOCOL={0x5}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x4000)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x10a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa91004d00810022000011aa018eaaf65700190a06cab1ab0bf131ff535350b8d15de9450bf8ca5f83bf41305c52e3e92dc36b9155b335a0cc2468dfd9ca5a579fc4a74e48dfd5571978858b34c2a9a0876341ada524fcd22845c695b7477a3b05cb42cf3d9da596c08f2f57dc004a07638fa5e725c53e9453a8b03caa0e9c1e724ef5d894abd5be8fdc5156e3275db762741c90322f043578bc34a80ca869b04f9f5c8e6cc18cfb2f6476f1a8307c5781ad101f02d2fbaa2735c00ab5393b3683edce1c72a49e8e0232de34805560c71bd6b45f4b55ab88ec6c163395671a64c1dcd816faf3e3f9901b9d4b99300dc585078935d4c87fa0a087ec24e9e238"], &(0x7f0000000140)={0x0, 0x3, [0xd13, 0xd4e, 0x3c6, 0xe7b]})

[  533.547073][T15410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  533.592582][T15414] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:29 to non-existent VLAN 3840
01:36:44 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x48}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  533.644657][T15410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:44 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = open(&(0x7f0000000180)='./file0\x00', 0x240, 0x50)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'batadv0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000100)="7f0086dd", 0x5e0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @local}, 0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@bridge_newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x8, 0x1a, 0x8}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}, @NDA_DST_IPV4={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x38}}, @NDA_PROTOCOL={0x5}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x4000)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x10a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa91004d00810022000011aa018eaaf65700190a06cab1ab0bf131ff535350b8d15de9450bf8ca5f83bf41305c52e3e92dc36b9155b335a0cc2468dfd9ca5a579fc4a74e48dfd5571978858b34c2a9a0876341ada524fcd22845c695b7477a3b05cb42cf3d9da596c08f2f57dc004a07638fa5e725c53e9453a8b03caa0e9c1e724ef5d894abd5be8fdc5156e3275db762741c90322f043578bc34a80ca869b04f9f5c8e6cc18cfb2f6476f1a8307c5781ad101f02d2fbaa2735c00ab5393b3683edce1c72a49e8e0232de34805560c71bd6b45f4b55ab88ec6c163395671a64c1dcd816faf3e3f9901b9d4b99300dc585078935d4c87fa0a087ec24e9e238"], &(0x7f0000000140)={0x0, 0x3, [0xd13, 0xd4e, 0x3c6, 0xe7b]})
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
open(&(0x7f0000000180)='./file0\x00', 0x240, 0x50) (async)
socket$packet(0x11, 0x2, 0x300) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'batadv0\x00'}) (async)
sendto$packet(r2, &(0x7f0000000100)="7f0086dd", 0x5e0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @local}, 0x14) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@bridge_newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x8, 0x1a, 0x8}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}, @NDA_DST_IPV4={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x38}}, @NDA_PROTOCOL={0x5}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x4000) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
syz_emit_ethernet(0x10a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa91004d00810022000011aa018eaaf65700190a06cab1ab0bf131ff535350b8d15de9450bf8ca5f83bf41305c52e3e92dc36b9155b335a0cc2468dfd9ca5a579fc4a74e48dfd5571978858b34c2a9a0876341ada524fcd22845c695b7477a3b05cb42cf3d9da596c08f2f57dc004a07638fa5e725c53e9453a8b03caa0e9c1e724ef5d894abd5be8fdc5156e3275db762741c90322f043578bc34a80ca869b04f9f5c8e6cc18cfb2f6476f1a8307c5781ad101f02d2fbaa2735c00ab5393b3683edce1c72a49e8e0232de34805560c71bd6b45f4b55ab88ec6c163395671a64c1dcd816faf3e3f9901b9d4b99300dc585078935d4c87fa0a087ec24e9e238"], &(0x7f0000000140)={0x0, 0x3, [0xd13, 0xd4e, 0x3c6, 0xe7b]}) (async)

[  533.694404][T15419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  533.804646][T15421] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:29 to non-existent VLAN 3840
01:36:44 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 11)

01:36:44 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = open(&(0x7f0000000180)='./file0\x00', 0x240, 0x50)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'batadv0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000100)="7f0086dd", 0x5e0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @local}, 0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@bridge_newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x8, 0x1a, 0x8}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}, @NDA_DST_IPV4={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x38}}, @NDA_PROTOCOL={0x5}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x4000)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x10a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa91004d00810022000011aa018eaaf65700190a06cab1ab0bf131ff535350b8d15de9450bf8ca5f83bf41305c52e3e92dc36b9155b335a0cc2468dfd9ca5a579fc4a74e48dfd5571978858b34c2a9a0876341ada524fcd22845c695b7477a3b05cb42cf3d9da596c08f2f57dc004a07638fa5e725c53e9453a8b03caa0e9c1e724ef5d894abd5be8fdc5156e3275db762741c90322f043578bc34a80ca869b04f9f5c8e6cc18cfb2f6476f1a8307c5781ad101f02d2fbaa2735c00ab5393b3683edce1c72a49e8e0232de34805560c71bd6b45f4b55ab88ec6c163395671a64c1dcd816faf3e3f9901b9d4b99300dc585078935d4c87fa0a087ec24e9e238"], &(0x7f0000000140)={0x0, 0x3, [0xd13, 0xd4e, 0x3c6, 0xe7b]})
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
open(&(0x7f0000000180)='./file0\x00', 0x240, 0x50) (async)
socket$packet(0x11, 0x2, 0x300) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'batadv0\x00'}) (async)
sendto$packet(r2, &(0x7f0000000100)="7f0086dd", 0x5e0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @local}, 0x14) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@bridge_newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x8, 0x1a, 0x8}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}, @NDA_DST_IPV4={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x38}}, @NDA_PROTOCOL={0x5}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x4000) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
syz_emit_ethernet(0x10a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa91004d00810022000011aa018eaaf65700190a06cab1ab0bf131ff535350b8d15de9450bf8ca5f83bf41305c52e3e92dc36b9155b335a0cc2468dfd9ca5a579fc4a74e48dfd5571978858b34c2a9a0876341ada524fcd22845c695b7477a3b05cb42cf3d9da596c08f2f57dc004a07638fa5e725c53e9453a8b03caa0e9c1e724ef5d894abd5be8fdc5156e3275db762741c90322f043578bc34a80ca869b04f9f5c8e6cc18cfb2f6476f1a8307c5781ad101f02d2fbaa2735c00ab5393b3683edce1c72a49e8e0232de34805560c71bd6b45f4b55ab88ec6c163395671a64c1dcd816faf3e3f9901b9d4b99300dc585078935d4c87fa0a087ec24e9e238"], &(0x7f0000000140)={0x0, 0x3, [0xd13, 0xd4e, 0x3c6, 0xe7b]}) (async)

01:36:44 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x25}, 0x0, 0x0)

01:36:44 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x4a}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:44 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x8, 0x0, 0x0, 0x200000000000000)

[  534.008498][T15433] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:29 to non-existent VLAN 3840
[  534.066786][T15439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.079362][T15436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.117721][T15438] FAULT_INJECTION: forcing a failure.
[  534.117721][T15438] name failslab, interval 1, probability 0, space 0, times 0
[  534.170805][T15438] CPU: 1 PID: 15438 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  534.178420][T15436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.181496][T15438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  534.181517][T15438] Call Trace:
[  534.181527][T15438]  <TASK>
[  534.181537][T15438]  dump_stack_lvl+0xcd/0x134
[  534.181578][T15438]  should_fail.cold+0x5/0xa
[  534.181610][T15438]  should_failslab+0x5/0x10
[  534.181633][T15438]  kmem_cache_alloc_bulk+0x4b/0x720
[  534.181669][T15438]  io_submit_sqes.cold+0x1b9/0x3f2
[  534.181716][T15438]  ? find_held_lock+0x2d/0x110
[  534.181747][T15438]  ? io_apoll_task_func+0x270/0x270
[  534.181800][T15438]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  534.181826][T15438]  __do_sys_io_uring_enter+0x119b/0x21d0
[  534.181870][T15438]  ? io_submit_sqes+0x98b0/0x98b0
[  534.181897][T15438]  ? find_held_lock+0x2d/0x110
[  534.181932][T15438]  ? __context_tracking_exit+0xb8/0xe0
[  534.181960][T15438]  ? lock_downgrade+0x6e0/0x6e0
[  534.181989][T15438]  ? lock_downgrade+0x6e0/0x6e0
[  534.277715][T15438]  ? syscall_enter_from_user_mode+0x21/0x70
[  534.283700][T15438]  do_syscall_64+0x35/0xb0
[  534.288116][T15438]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  534.294013][T15438] RIP: 0033:0x7fb48a0890e9
[  534.298431][T15438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  534.318046][T15438] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  534.326464][T15438] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  534.334421][T15438] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  534.342381][T15438] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  534.350338][T15438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  534.358290][T15438] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  534.366263][T15438]  </TASK>
01:36:45 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x4c}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:45 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4f0403, 0x0)
sendto(r1, &(0x7f0000000100)="d3cc611217ba68f4a3447a31afab42ef87bc4dfd648ace0c0da711c6845a27bb6e32d410448e88833e5d55e58a6a3e4af670dab3a25f9e6a3e43d6d5582e86af7b62be6faf6f1bc38726e96050fc6a6d38dd66e2ff9254bfd9c4b6af29318bd6c278ff8dfe52a68d9b21459de78f84eead94c768a57b39e565f87b3ab936f78d5d9493112cf5277f35071b6c56b8b968df36f3c03b4d18ce6e693fac5be895534fcc", 0xa2, 0x8008, &(0x7f00000001c0)=@l2={0x1f, 0x8, @none, 0x20, 0x2}, 0x80)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800440000280000000000069078ec5021bf95a7a38e0000e2d1000000a068c0f80c7017e07217f34bc6d9c9e6d3e535bf47e2d8511ffd3c9af80c67d1aba043fb76389401b13a8b370e7d12e914fba4993bc7d576bba6b197c46285a86a309edc7d7957f0733129e787", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000000000080"], 0x0)

01:36:45 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x8, 0x0, 0x0, 0x200000000000000)

01:36:45 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4f0403, 0x0)
sendto(r1, &(0x7f0000000100)="d3cc611217ba68f4a3447a31afab42ef87bc4dfd648ace0c0da711c6845a27bb6e32d410448e88833e5d55e58a6a3e4af670dab3a25f9e6a3e43d6d5582e86af7b62be6faf6f1bc38726e96050fc6a6d38dd66e2ff9254bfd9c4b6af29318bd6c278ff8dfe52a68d9b21459de78f84eead94c768a57b39e565f87b3ab936f78d5d9493112cf5277f35071b6c56b8b968df36f3c03b4d18ce6e693fac5be895534fcc", 0xa2, 0x8008, &(0x7f00000001c0)=@l2={0x1f, 0x8, @none, 0x20, 0x2}, 0x80) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800440000280000000000069078ec5021bf95a7a38e0000e2d1000000a068c0f80c7017e07217f34bc6d9c9e6d3e535bf47e2d8511ffd3c9af80c67d1aba043fb76389401b13a8b370e7d12e914fba4993bc7d576bba6b197c46285a86a309edc7d7957f0733129e787", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000000000080"], 0x0)

[  534.501075][T15456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:45 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4f0403, 0x0)
sendto(r1, &(0x7f0000000100)="d3cc611217ba68f4a3447a31afab42ef87bc4dfd648ace0c0da711c6845a27bb6e32d410448e88833e5d55e58a6a3e4af670dab3a25f9e6a3e43d6d5582e86af7b62be6faf6f1bc38726e96050fc6a6d38dd66e2ff9254bfd9c4b6af29318bd6c278ff8dfe52a68d9b21459de78f84eead94c768a57b39e565f87b3ab936f78d5d9493112cf5277f35071b6c56b8b968df36f3c03b4d18ce6e693fac5be895534fcc", 0xa2, 0x8008, &(0x7f00000001c0)=@l2={0x1f, 0x8, @none, 0x20, 0x2}, 0x80)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800440000280000000000069078ec5021bf95a7a38e0000e2d1000000a068c0f80c7017e07217f34bc6d9c9e6d3e535bf47e2d8511ffd3c9af80c67d1aba043fb76389401b13a8b370e7d12e914fba4993bc7d576bba6b197c46285a86a309edc7d7957f0733129e787", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000000000080"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4f0403, 0x0) (async)
sendto(r1, &(0x7f0000000100)="d3cc611217ba68f4a3447a31afab42ef87bc4dfd648ace0c0da711c6845a27bb6e32d410448e88833e5d55e58a6a3e4af670dab3a25f9e6a3e43d6d5582e86af7b62be6faf6f1bc38726e96050fc6a6d38dd66e2ff9254bfd9c4b6af29318bd6c278ff8dfe52a68d9b21459de78f84eead94c768a57b39e565f87b3ab936f78d5d9493112cf5277f35071b6c56b8b968df36f3c03b4d18ce6e693fac5be895534fcc", 0xa2, 0x8008, &(0x7f00000001c0)=@l2={0x1f, 0x8, @none, 0x20, 0x2}, 0x80) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800440000280000000000069078ec5021bf95a7a38e0000e2d1000000a068c0f80c7017e07217f34bc6d9c9e6d3e535bf47e2d8511ffd3c9af80c67d1aba043fb76389401b13a8b370e7d12e914fba4993bc7d576bba6b197c46285a86a309edc7d7957f0733129e787", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000000000080"], 0x0) (async)

01:36:45 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 12)

01:36:45 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x26}, 0x0, 0x0)

01:36:45 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x60}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  534.895878][T15470] FAULT_INJECTION: forcing a failure.
[  534.895878][T15470] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  534.898227][T15476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.910894][T15469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.958844][T15470] CPU: 1 PID: 15470 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  534.969384][T15470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  534.979428][T15470] Call Trace:
[  534.982707][T15470]  <TASK>
[  534.985636][T15470]  dump_stack_lvl+0xcd/0x134
[  534.990247][T15470]  should_fail.cold+0x5/0xa
[  534.993470][T15469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.994785][T15470]  prepare_alloc_pages+0x17b/0x570
[  534.994824][T15470]  ? __schedule+0xaa2/0x4cc0
[  535.014217][T15470]  __alloc_pages+0x12f/0x500
[  535.018836][T15470]  ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0
[  535.025613][T15470]  ? lockdep_hardirqs_on+0x79/0x100
[  535.030822][T15470]  alloc_pages+0x1aa/0x310
[  535.035240][T15470]  allocate_slab+0x26c/0x3c0
[  535.039931][T15470]  ___slab_alloc+0x8df/0xf20
[  535.044523][T15470]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  535.049814][T15470]  ? mark_held_locks+0x9f/0xe0
[  535.054691][T15470]  kmem_cache_alloc_bulk+0x21c/0x720
[  535.059973][T15470]  io_submit_sqes.cold+0x1b9/0x3f2
[  535.065089][T15470]  ? find_held_lock+0x2d/0x110
[  535.069846][T15470]  ? io_apoll_task_func+0x270/0x270
[  535.075040][T15470]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  535.080829][T15470]  __do_sys_io_uring_enter+0x119b/0x21d0
[  535.086457][T15470]  ? io_submit_sqes+0x98b0/0x98b0
[  535.091465][T15470]  ? find_held_lock+0x2d/0x110
[  535.096217][T15470]  ? __context_tracking_exit+0xb8/0xe0
[  535.101660][T15470]  ? lock_downgrade+0x6e0/0x6e0
[  535.106502][T15470]  ? lock_downgrade+0x6e0/0x6e0
[  535.111346][T15470]  ? syscall_enter_from_user_mode+0x21/0x70
[  535.117229][T15470]  do_syscall_64+0x35/0xb0
[  535.121632][T15470]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  535.127510][T15470] RIP: 0033:0x7fb48a0890e9
[  535.131907][T15470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  535.151496][T15470] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  535.159890][T15470] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  535.167844][T15470] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  535.175794][T15470] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  535.183752][T15470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  535.191703][T15470] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  535.199669][T15470]  </TASK>
01:36:46 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4, @broadcast}, 0x38)
listen(r0, 0x0)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1616c0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000001440)=ANY=[], &(0x7f0000000140)=0x8)
r4 = fsmount(r1, 0x0, 0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0x1b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x2, 0x1, 0x2, 0xf6c, 0x7}, &(0x7f0000000280)=0x98)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="5f7c27e6fb6b418d4c28c1afb69374", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="9e02769490780008"], 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/203, 0xcb, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0x40)
setsockopt$sock_void(r2, 0x1, 0x24, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r5, 0x400454de, 0x7fffffffefff)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000969000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000894000/0x2000)=nil, &(0x7f0000df8000/0x2000)=nil, &(0x7f0000959000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000e26000/0x3000)=nil, &(0x7f0000c62000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000aa0000/0x1000)=nil, &(0x7f0000000400)="b72ce249d75757ac7077aca72cff1f391250c72cd7c91698342889be440ec18e5d729b5bb77e6edcf6b9698f28f65bfe64c846c1952a0a1e9af2460fee811cc7fea36bb7893c50a9e9ac296c5fbcbe5628aac271387be4bc3e9a2ba8cf631fa5af0094deeb9ac238305d9b36d09c757cee182b3f5454bc93e9c5ab54ef27b8a83d7efc24c53701f25ef93e565d6e60f6f9e8a6ef093b6cf2709f095830b5725a8c78847a91ad1fae3d58339d1801126e4b62659fa427f75027d3f12668e63c2d4a10579bceffdbdf8183884f2b62177ba7f19d4d8ab06c5a9eefb45e9280442d772cc6b66b29784d3adb234d637d614cf4ccd4b9cfa487867e82cf819d205f8f2621def29d974b293ff32310c915a35f19cfaa95bb069249126c0a0bc28e8c083d52ff1c64e10c619c25738f23894eaa5b50b391ba8ef3751be6d869ed0c2e66915bfec5f72ec8b6e5961e6b934ad930d354fb64364d0ed3395f6763e46385456cf65d0213cdffb21819d83f3758ba8a85d5a8af824f73a4405893646e042becdd3bab2ecec8b04033b308ed2fc47aca404c9342465afdcef3da332452c9b0ee420ca7589fcca79f476c61b4a1345469298c50e45fd362461209e6de84753d6d3016cfeb319501b03f11801e2ff66638066763c8b375f2f4f98a1aee5096a236dc2c0eee983f60c3de6add96dc9aadf75f2c31c8897d685975fb1e482fd2b313366b72ebe03151ad28a4c1ef57ad7ef7a55220bf3d58d2a2daac963d710c25a260015f1187d70d3e37bbd7bb071462f8e9b739d87b7b10cb2c81b1f302620c6ba69d39dcc5797c9c945074dcbe54653f14f42075ab524a807dd11ab9e01ab1905db69ed2bb8efa7f4be6079363039d9795332234cc296634dba1d71d4ef9e617fd2131602df02b695ea9e8bc5aca0390b424fc4058d9e64b337ac3f66f4b8c786eab031c7e9603e77a1c4792e01020d998047ee0d38388e63a73153018c0d90469bd6b3c7e210c92a4ae3fb77bf9f12b855b552440ed28ea75ea656f46e89fa3b7028c2900b46850ed37e1785cb18c9c1e821c172a0531d163e8c30e4c4ef43a70e3a6c376a82ca6b2a899374a4240ff759c0b1713d881798019ca2ad694dbc908fdedeebe1838532562fcc19f8887cd93fd4ee9c2f331ab2dec1a6a3b4c42d925af6ea502f3c94ba74fcf157164af01387a5708814d00fa1f63d111fd1ee48c60f2e7be0df67c8a74a0e2e4ce8479ca60084b59d94ed70ceb55f2ca22ef0cdbea95508716d98a025a4f31faa79ca34268b0b2ebee2165474f3613d5c8893094ecb3e9f46f208fcce252e65740487c5fcd6a103a698d693d46e2802bf666568ccff50791add336a1ff12b34c88d24b5fda116dee8bf1c54ceb3713aebba6e6cf67318a24ecf12e5c9e7dd89434c0b2dff04a44d283fe825c2b205b33410d9fcea8c6dbbbe3d1a4783dc49c6442a0b71ec7c1c70596d9ef3faf98861dac88af701545873cac1588c08a0137fa213ccce1316cc5a064b00c31dd3f504c5742be64f9a1ece72922b710160b83f604e944a1065678f8236b4d3e47c698fee72577e56caa66383ad3fb289ee05329bf7c1689de80b12416df9856370add53f0f426daccbf1ad230e68d0fc8c310f9df84e7f593236ecb0226a5b7830b43345db3084adfa18d78656abdfa98c313d2292ec844880c299447baa10c9dfd0bc672f1d9da156c3cccc8630cb4234d75e42f94feecc0f229d4ba13081242d72f01456fea48800b719adfb75b24f5d3f36d78be369af36471e2fdd33c61d7627448e0c139218af466c36986e5fd7972b33c4461e638d326a6ae3f6cb7deec53f5b5251ba520dc33fd4627a26b93edef4f01179db334cc6b69c72ad5fffeabef717de2c0e083e4bd95c655cc01fa69bfb7adfee4dfdde615b916ec5af31bf8d919cf44f923b585ac1aefa04f1200e6e0fee2402824ed8177c17a10bb4c7c42680b29bd9a451f87cc6f703c4e33beb933cb7ddb78c1bad71ba9dcc66292bbfbe22d4c46215e0ca502c870bfcb724c065221b5980cb541c537aa0ec56564dd5d6ad511f10dba293770cb368bc34415ac7fe1da4bebbc39e261c6161aa070f80a151898d33b70e88110793fad4515626274d2d69ee9b252f932f760bb45ffaa5a09a8bcf7a953224edd58e1038d9f1fb3bdbab4905d21078b9b2ed050d3c32bdffa9daaa39aeeb62ddab85382760db7f09fa07e87707b7f3249218938ecee57ca009d0ba8fd6d1b65568f55b858319e7c8384a63e959fd0ce299018c4d8292c1ac5f2f9ba9db287a3c1d19de890d331e0953e5c6ffc17ea764cb2b1c88f8ec2996dfeaa6bef98393209b46e8f987cd67d79632c668a7c778b4d6dd321498011fe0a8023c09adcba5bc402d2fe7d72a8c67fd931358ac365631dfaecdc0c0ab9139e5109da0ff222ec2b6fe5e2c18e03beb093948d079798aae994e116231a7b1f8ad2d2ce71c688f9fc33f7fda7b039bb1b0ff71cbb31030befdc7b6653fc996ea5a8308aa73392f486aa5dcb793f976e6edbd2eac0eedb2f7772a09ba49a3c1cbe842ca66a373773c867f7345d88e77955decd3ea186aea857ae72678a88508f20a0e6ee71b9fb8ba3e300409311e42abd6e15c9df98617fd7398d29f5b90901f0cb656778b62ac534ecfa9fa9d5a29fce01365ba1d585ae4a701009a06fbf85d54a6378141df31d7393d95334237cb1e96f16481f2465a59cd1de438e9627c6eff745ec460e60352113c2a02243e9d0b6b77e079f78c3d014dbef2df2986b82e04e1d2b593f48117d0c9b3bee0cf09911819131fffc739aaea57fa02e3dd06bc9da512fd3271e651959d13049e2d4aeeb07ae4a8f2b9ea4a3d9f9598f62ac1be86756197bc8d605d4609b47d89f03eb8f5b413c40e8f8c99f9570c330579c02437fccdfa4e9254cfaadfd64dfb947bcfe99cf1863a41a9839de8197a45593fd92edb209ae8907bf21975cb87dedeac461f73fcfa0c3b22e83049f45403d6cedd27966bf1c01e73ed8b83c1bc8146cc6bba55cc2888042c6f3053cce63d5b59c3d78a4d049570360679ef38617575f5f2554d2d4f3944f3d3ffdcbc6428bed7d4ff41714b53a8abb35f28a36752d12ab4b9536db8c17dc89c53ad79ac94f5eafc2af721bba271b84a1b1c38000247800c13cbe1a4344b695c42ed42bc9b0a55e98bbed81c9392f7d4e1c34181d05bb4acff540dbab4ab36cd2ed7b1bb15ae0de2e0ec848264a8762a676d877cc38282bf41a9ce1dce02bf300c03ca75191b3a23c9835502e62d524388477315133154d95d80dd4773d940fe0dcc4217e5ad8d18ed06740deeb9e17cb30db2947dd10ae0d890a6d3ab294f79b9dfdafb5165c906d9181e60332b839d9e0cf1984d8abdac9a56426adf8315eb07854e1b504312b4ae74bc6f9c0f30a2dea399a564a4f0b7a0ab74557f8ff5b0fd9057e0f67e780ff0b42438def1ff3203f3e5ed727b5abeb65bef6ad16b961f5c31b7fef7e2e0377b0fcaf91b7dc1176c0d981706bee2cb0f80b14f13fd666f5b1bb63efc0a94e4b24b4d33737622a289e82084e45628ecdaf040ca52fdecb4e2c60c3ae45ccaa4214e287e90c7fd47f958d9e5e9a2b9696ad1667c0ea1a9c3d96a4ca0f37ba09791245f62025f2a9009bfb2bb4422bc424cec9344da2fc83cab825a66e219fdf27e607e1fb96a2ad69b20c0d035209c3d93d1af76c7c8f42f0c58a6b8bf4f9f91563a3863510b8695737e4d64fb802ebebaecec1cefcfc57ce4aa4ff7121daef5a95840910d3442c0baedc339afdc02fc41900ae6b13582de8af82ddefe948e1f82c1366cf5fb721f26b92836bf92c48773edbe207401ea2f7c0857e9c431488255124daf89455911a32dee3945b45eaa8d372852fd47dd016b38e3c5726082ca555c9546cf59f3d04e838d2bb4f1fcea21df9a8678674a127f364c5933bc2b182e4c3b94630ea13bed862d6f1c1f0173f78ef6f9ec696450e572f57edbd49ed4609c9d08edc6fbb4e0116a5ef88387c45382c883ad7bab7d8d4c7c5db59a0c480114f936e7c204aa0ffd042ac296b6ed567c2b32cae02759be4cdbd68e33138d2a1864142f4de36b9c83c56a3b41fee13b24480666104b82a94de3567025b3f8421fefd24a42135db467bf533866e70c76869fc46a4e22508d0d05b8e73cf4fff2c5ade9a092a245ec4d8cabb0097556b029a4e18645653bef01b4799c78999daf825de15c079f783c6da0a56471edd2d8978d1d329f206096e1394e8c5878fd2f49a6c4523deaaba4f4de587a73183375c9b214d6b51ae170a66473aa2cf1fdae4618697877a95e165523cec49e7ae1640db71d0ff91e0d6d95851551fc467c83b2881267bd70c06e8d9a0c3dceafae6511dbb106442646d0a64056598d783a0fa0b64c09c01e3555bdd150b3ee86d73841df5c34c486f7601c37f8778d4ad83b7efacbfac82820a28822c58937ac7e5e808472b5c911ccc5d934c8e5ebe990059a865a5590b045426bf937793c77f0d4e564ca02027eced00ecea17d2669557ce4a6492e9524bd715ddd3ad9737a88d1a23c75a2a4c1ae9e82f64beb4f9adb90e89cf5ed0cdae8aa2c66a009cb37547a9baf4db1117484127c64b2b31377873b29288a41856feb4e6a2ae91a9f54ba8d2a3067f9d50c75a3d2d3cced08829af4ac36b80048d431aa98dd24166eb465eb5c769c7b52a715666e3ee8001d20c003a1bd3052590ac12b5bdedad9a0a6c3b3ac15756a44beebf942430c6cb088f50b0a689b0afa1474da5dc1f5585667aa09aa273eb343d28d7ba217151cdef6b52373e6325ad600647d8d8b4417890132673278d7255f291d93a8070e9a281c1d1aeb897249b18df1de30282d5c6da04d12de2e23c6010e3d91beb9bec175847915de2c4c8c06bc8ebbe43981483413bfd19827613945fed30a5d346b7dfcf094a135c65bc396105e3253fd319dea20d5ffe8fef316389f84269d82e6d5cdb379646a6df98fc46f28ebd1df9d299a1fee1ddaed92c873e5ece8441302260f8f57803b03e0faac2ae8b3207e83d6626f42c4a99dbcfd7574b3335f1279acbffc53f8394dd2940adad3830703a369edfff96780ceffdf82b9a1b264aa5b33429dc61d6a6067a344e053d0d79acd7f74e3fececd1f3f5015eb851b4ed17c124a4405f02213afb65c91e8e29f60ebb387c06ac2da80e63b78e36e0a02a2dd405e0584f4ef54e084a62f879b2da434dd39d6712ee69c8fc66ff86e982e9681aac497bfedd91a27e3e43663fb730f6d9d585cccbae53a510112fe1caaf3ecb11e831c4f3ecc5412395176916b3d12cda32a6b5f2535a88c24d562d627772cd31d777a366076334493c67dd1e02fc4fc234dbe986ec9247ffc0e834f37ba735cc382ff8cd2b4241c37ed31573ac58eec85a0985109bca0b685cc5ab97bb97c69d3613df03b519f7ac9d86e2eefaa0f1c34d40476ffa776fee4088efd5ff7c9b6c6d1753b12801b00753f7e080bdd4dc4ea880d2ae04dc26a4cbfba8436b4a487c6021fe8aaf5751f783457962de862e7ead6b02f6266be8ef25d71f857117760f8d447c40c701ae34f464a0ec9d8ed7c7de721c9310a64bf25338228c9ee3a10f5663ee17b8781a789dae4d2cc6a23eed8126ea15a1517dd7bb661a20602881c4c940d8030a127853701777baa2647f43a1fb58371a7a38971527f0a39623bacf5bf37763abea7e23db2c741165fa47930cdc49d148e9a0945a2041f90a9de9671a7c6d4668b05b076b88", 0x1000, r5}, 0x68)

01:36:46 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3, 0x0, 0x0, 0x200000000000000)

01:36:46 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4, @broadcast}, 0x38)
listen(r0, 0x0)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1616c0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000001440)=ANY=[], &(0x7f0000000140)=0x8)
r4 = fsmount(r1, 0x0, 0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0x1b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x2, 0x1, 0x2, 0xf6c, 0x7}, &(0x7f0000000280)=0x98)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="5f7c27e6fb6b418d4c28c1afb69374", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="9e02769490780008"], 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/203, 0xcb, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0x40)
setsockopt$sock_void(r2, 0x1, 0x24, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13})
ioctl$TUNSETOFFLOAD(r5, 0x400454de, 0x7fffffffefff)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000969000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000894000/0x2000)=nil, &(0x7f0000df8000/0x2000)=nil, &(0x7f0000959000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000e26000/0x3000)=nil, &(0x7f0000c62000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000aa0000/0x1000)=nil, &(0x7f0000000400)="b72ce249d75757ac7077aca72cff1f391250c72cd7c91698342889be440ec18e5d729b5bb77e6edcf6b9698f28f65bfe64c846c1952a0a1e9af2460fee811cc7fea36bb7893c50a9e9ac296c5fbcbe5628aac271387be4bc3e9a2ba8cf631fa5af0094deeb9ac238305d9b36d09c757cee182b3f5454bc93e9c5ab54ef27b8a83d7efc24c53701f25ef93e565d6e60f6f9e8a6ef093b6cf2709f095830b5725a8c78847a91ad1fae3d58339d1801126e4b62659fa427f75027d3f12668e63c2d4a10579bceffdbdf8183884f2b62177ba7f19d4d8ab06c5a9eefb45e9280442d772cc6b66b29784d3adb234d637d614cf4ccd4b9cfa487867e82cf819d205f8f2621def29d974b293ff32310c915a35f19cfaa95bb069249126c0a0bc28e8c083d52ff1c64e10c619c25738f23894eaa5b50b391ba8ef3751be6d869ed0c2e66915bfec5f72ec8b6e5961e6b934ad930d354fb64364d0ed3395f6763e46385456cf65d0213cdffb21819d83f3758ba8a85d5a8af824f73a4405893646e042becdd3bab2ecec8b04033b308ed2fc47aca404c9342465afdcef3da332452c9b0ee420ca7589fcca79f476c61b4a1345469298c50e45fd362461209e6de84753d6d3016cfeb319501b03f11801e2ff66638066763c8b375f2f4f98a1aee5096a236dc2c0eee983f60c3de6add96dc9aadf75f2c31c8897d685975fb1e482fd2b313366b72ebe03151ad28a4c1ef57ad7ef7a55220bf3d58d2a2daac963d710c25a260015f1187d70d3e37bbd7bb071462f8e9b739d87b7b10cb2c81b1f302620c6ba69d39dcc5797c9c945074dcbe54653f14f42075ab524a807dd11ab9e01ab1905db69ed2bb8efa7f4be6079363039d9795332234cc296634dba1d71d4ef9e617fd2131602df02b695ea9e8bc5aca0390b424fc4058d9e64b337ac3f66f4b8c786eab031c7e9603e77a1c4792e01020d998047ee0d38388e63a73153018c0d90469bd6b3c7e210c92a4ae3fb77bf9f12b855b552440ed28ea75ea656f46e89fa3b7028c2900b46850ed37e1785cb18c9c1e821c172a0531d163e8c30e4c4ef43a70e3a6c376a82ca6b2a899374a4240ff759c0b1713d881798019ca2ad694dbc908fdedeebe1838532562fcc19f8887cd93fd4ee9c2f331ab2dec1a6a3b4c42d925af6ea502f3c94ba74fcf157164af01387a5708814d00fa1f63d111fd1ee48c60f2e7be0df67c8a74a0e2e4ce8479ca60084b59d94ed70ceb55f2ca22ef0cdbea95508716d98a025a4f31faa79ca34268b0b2ebee2165474f3613d5c8893094ecb3e9f46f208fcce252e65740487c5fcd6a103a698d693d46e2802bf666568ccff50791add336a1ff12b34c88d24b5fda116dee8bf1c54ceb3713aebba6e6cf67318a24ecf12e5c9e7dd89434c0b2dff04a44d283fe825c2b205b33410d9fcea8c6dbbbe3d1a4783dc49c6442a0b71ec7c1c70596d9ef3faf98861dac88af701545873cac1588c08a0137fa213ccce1316cc5a064b00c31dd3f504c5742be64f9a1ece72922b710160b83f604e944a1065678f8236b4d3e47c698fee72577e56caa66383ad3fb289ee05329bf7c1689de80b12416df9856370add53f0f426daccbf1ad230e68d0fc8c310f9df84e7f593236ecb0226a5b7830b43345db3084adfa18d78656abdfa98c313d2292ec844880c299447baa10c9dfd0bc672f1d9da156c3cccc8630cb4234d75e42f94feecc0f229d4ba13081242d72f01456fea48800b719adfb75b24f5d3f36d78be369af36471e2fdd33c61d7627448e0c139218af466c36986e5fd7972b33c4461e638d326a6ae3f6cb7deec53f5b5251ba520dc33fd4627a26b93edef4f01179db334cc6b69c72ad5fffeabef717de2c0e083e4bd95c655cc01fa69bfb7adfee4dfdde615b916ec5af31bf8d919cf44f923b585ac1aefa04f1200e6e0fee2402824ed8177c17a10bb4c7c42680b29bd9a451f87cc6f703c4e33beb933cb7ddb78c1bad71ba9dcc66292bbfbe22d4c46215e0ca502c870bfcb724c065221b5980cb541c537aa0ec56564dd5d6ad511f10dba293770cb368bc34415ac7fe1da4bebbc39e261c6161aa070f80a151898d33b70e88110793fad4515626274d2d69ee9b252f932f760bb45ffaa5a09a8bcf7a953224edd58e1038d9f1fb3bdbab4905d21078b9b2ed050d3c32bdffa9daaa39aeeb62ddab85382760db7f09fa07e87707b7f3249218938ecee57ca009d0ba8fd6d1b65568f55b858319e7c8384a63e959fd0ce299018c4d8292c1ac5f2f9ba9db287a3c1d19de890d331e0953e5c6ffc17ea764cb2b1c88f8ec2996dfeaa6bef98393209b46e8f987cd67d79632c668a7c778b4d6dd321498011fe0a8023c09adcba5bc402d2fe7d72a8c67fd931358ac365631dfaecdc0c0ab9139e5109da0ff222ec2b6fe5e2c18e03beb093948d079798aae994e116231a7b1f8ad2d2ce71c688f9fc33f7fda7b039bb1b0ff71cbb31030befdc7b6653fc996ea5a8308aa73392f486aa5dcb793f976e6edbd2eac0eedb2f7772a09ba49a3c1cbe842ca66a373773c867f7345d88e77955decd3ea186aea857ae72678a88508f20a0e6ee71b9fb8ba3e300409311e42abd6e15c9df98617fd7398d29f5b90901f0cb656778b62ac534ecfa9fa9d5a29fce01365ba1d585ae4a701009a06fbf85d54a6378141df31d7393d95334237cb1e96f16481f2465a59cd1de438e9627c6eff745ec460e60352113c2a02243e9d0b6b77e079f78c3d014dbef2df2986b82e04e1d2b593f48117d0c9b3bee0cf09911819131fffc739aaea57fa02e3dd06bc9da512fd3271e651959d13049e2d4aeeb07ae4a8f2b9ea4a3d9f9598f62ac1be86756197bc8d605d4609b47d89f03eb8f5b413c40e8f8c99f9570c330579c02437fccdfa4e9254cfaadfd64dfb947bcfe99cf1863a41a9839de8197a45593fd92edb209ae8907bf21975cb87dedeac461f73fcfa0c3b22e83049f45403d6cedd27966bf1c01e73ed8b83c1bc8146cc6bba55cc2888042c6f3053cce63d5b59c3d78a4d049570360679ef38617575f5f2554d2d4f3944f3d3ffdcbc6428bed7d4ff41714b53a8abb35f28a36752d12ab4b9536db8c17dc89c53ad79ac94f5eafc2af721bba271b84a1b1c38000247800c13cbe1a4344b695c42ed42bc9b0a55e98bbed81c9392f7d4e1c34181d05bb4acff540dbab4ab36cd2ed7b1bb15ae0de2e0ec848264a8762a676d877cc38282bf41a9ce1dce02bf300c03ca75191b3a23c9835502e62d524388477315133154d95d80dd4773d940fe0dcc4217e5ad8d18ed06740deeb9e17cb30db2947dd10ae0d890a6d3ab294f79b9dfdafb5165c906d9181e60332b839d9e0cf1984d8abdac9a56426adf8315eb07854e1b504312b4ae74bc6f9c0f30a2dea399a564a4f0b7a0ab74557f8ff5b0fd9057e0f67e780ff0b42438def1ff3203f3e5ed727b5abeb65bef6ad16b961f5c31b7fef7e2e0377b0fcaf91b7dc1176c0d981706bee2cb0f80b14f13fd666f5b1bb63efc0a94e4b24b4d33737622a289e82084e45628ecdaf040ca52fdecb4e2c60c3ae45ccaa4214e287e90c7fd47f958d9e5e9a2b9696ad1667c0ea1a9c3d96a4ca0f37ba09791245f62025f2a9009bfb2bb4422bc424cec9344da2fc83cab825a66e219fdf27e607e1fb96a2ad69b20c0d035209c3d93d1af76c7c8f42f0c58a6b8bf4f9f91563a3863510b8695737e4d64fb802ebebaecec1cefcfc57ce4aa4ff7121daef5a95840910d3442c0baedc339afdc02fc41900ae6b13582de8af82ddefe948e1f82c1366cf5fb721f26b92836bf92c48773edbe207401ea2f7c0857e9c431488255124daf89455911a32dee3945b45eaa8d372852fd47dd016b38e3c5726082ca555c9546cf59f3d04e838d2bb4f1fcea21df9a8678674a127f364c5933bc2b182e4c3b94630ea13bed862d6f1c1f0173f78ef6f9ec696450e572f57edbd49ed4609c9d08edc6fbb4e0116a5ef88387c45382c883ad7bab7d8d4c7c5db59a0c480114f936e7c204aa0ffd042ac296b6ed567c2b32cae02759be4cdbd68e33138d2a1864142f4de36b9c83c56a3b41fee13b24480666104b82a94de3567025b3f8421fefd24a42135db467bf533866e70c76869fc46a4e22508d0d05b8e73cf4fff2c5ade9a092a245ec4d8cabb0097556b029a4e18645653bef01b4799c78999daf825de15c079f783c6da0a56471edd2d8978d1d329f206096e1394e8c5878fd2f49a6c4523deaaba4f4de587a73183375c9b214d6b51ae170a66473aa2cf1fdae4618697877a95e165523cec49e7ae1640db71d0ff91e0d6d95851551fc467c83b2881267bd70c06e8d9a0c3dceafae6511dbb106442646d0a64056598d783a0fa0b64c09c01e3555bdd150b3ee86d73841df5c34c486f7601c37f8778d4ad83b7efacbfac82820a28822c58937ac7e5e808472b5c911ccc5d934c8e5ebe990059a865a5590b045426bf937793c77f0d4e564ca02027eced00ecea17d2669557ce4a6492e9524bd715ddd3ad9737a88d1a23c75a2a4c1ae9e82f64beb4f9adb90e89cf5ed0cdae8aa2c66a009cb37547a9baf4db1117484127c64b2b31377873b29288a41856feb4e6a2ae91a9f54ba8d2a3067f9d50c75a3d2d3cced08829af4ac36b80048d431aa98dd24166eb465eb5c769c7b52a715666e3ee8001d20c003a1bd3052590ac12b5bdedad9a0a6c3b3ac15756a44beebf942430c6cb088f50b0a689b0afa1474da5dc1f5585667aa09aa273eb343d28d7ba217151cdef6b52373e6325ad600647d8d8b4417890132673278d7255f291d93a8070e9a281c1d1aeb897249b18df1de30282d5c6da04d12de2e23c6010e3d91beb9bec175847915de2c4c8c06bc8ebbe43981483413bfd19827613945fed30a5d346b7dfcf094a135c65bc396105e3253fd319dea20d5ffe8fef316389f84269d82e6d5cdb379646a6df98fc46f28ebd1df9d299a1fee1ddaed92c873e5ece8441302260f8f57803b03e0faac2ae8b3207e83d6626f42c4a99dbcfd7574b3335f1279acbffc53f8394dd2940adad3830703a369edfff96780ceffdf82b9a1b264aa5b33429dc61d6a6067a344e053d0d79acd7f74e3fececd1f3f5015eb851b4ed17c124a4405f02213afb65c91e8e29f60ebb387c06ac2da80e63b78e36e0a02a2dd405e0584f4ef54e084a62f879b2da434dd39d6712ee69c8fc66ff86e982e9681aac497bfedd91a27e3e43663fb730f6d9d585cccbae53a510112fe1caaf3ecb11e831c4f3ecc5412395176916b3d12cda32a6b5f2535a88c24d562d627772cd31d777a366076334493c67dd1e02fc4fc234dbe986ec9247ffc0e834f37ba735cc382ff8cd2b4241c37ed31573ac58eec85a0985109bca0b685cc5ab97bb97c69d3613df03b519f7ac9d86e2eefaa0f1c34d40476ffa776fee4088efd5ff7c9b6c6d1753b12801b00753f7e080bdd4dc4ea880d2ae04dc26a4cbfba8436b4a487c6021fe8aaf5751f783457962de862e7ead6b02f6266be8ef25d71f857117760f8d447c40c701ae34f464a0ec9d8ed7c7de721c9310a64bf25338228c9ee3a10f5663ee17b8781a789dae4d2cc6a23eed8126ea15a1517dd7bb661a20602881c4c940d8030a127853701777baa2647f43a1fb58371a7a38971527f0a39623bacf5bf37763abea7e23db2c741165fa47930cdc49d148e9a0945a2041f90a9de9671a7c6d4668b05b076b88", 0x1000, r5}, 0x68)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4, @broadcast}, 0x38) (async)
listen(r0, 0x0) (async)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @multicast1}, 0x10) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0) (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1616c0, 0x0) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000001440)=ANY=[], &(0x7f0000000140)=0x8) (async)
fsmount(r1, 0x0, 0x8) (async)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0x1b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0x8) (async)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x2, 0x1, 0x2, 0xf6c, 0x7}, &(0x7f0000000280)=0x98) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="5f7c27e6fb6b418d4c28c1afb69374", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="9e02769490780008"], 0x0) (async)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/203, 0xcb, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0x40) (async)
setsockopt$sock_void(r2, 0x1, 0x24, 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r5, 0x400454de, 0x7fffffffefff) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000969000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000894000/0x2000)=nil, &(0x7f0000df8000/0x2000)=nil, &(0x7f0000959000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000e26000/0x3000)=nil, &(0x7f0000c62000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000aa0000/0x1000)=nil, &(0x7f0000000400)="b72ce249d75757ac7077aca72cff1f391250c72cd7c91698342889be440ec18e5d729b5bb77e6edcf6b9698f28f65bfe64c846c1952a0a1e9af2460fee811cc7fea36bb7893c50a9e9ac296c5fbcbe5628aac271387be4bc3e9a2ba8cf631fa5af0094deeb9ac238305d9b36d09c757cee182b3f5454bc93e9c5ab54ef27b8a83d7efc24c53701f25ef93e565d6e60f6f9e8a6ef093b6cf2709f095830b5725a8c78847a91ad1fae3d58339d1801126e4b62659fa427f75027d3f12668e63c2d4a10579bceffdbdf8183884f2b62177ba7f19d4d8ab06c5a9eefb45e9280442d772cc6b66b29784d3adb234d637d614cf4ccd4b9cfa487867e82cf819d205f8f2621def29d974b293ff32310c915a35f19cfaa95bb069249126c0a0bc28e8c083d52ff1c64e10c619c25738f23894eaa5b50b391ba8ef3751be6d869ed0c2e66915bfec5f72ec8b6e5961e6b934ad930d354fb64364d0ed3395f6763e46385456cf65d0213cdffb21819d83f3758ba8a85d5a8af824f73a4405893646e042becdd3bab2ecec8b04033b308ed2fc47aca404c9342465afdcef3da332452c9b0ee420ca7589fcca79f476c61b4a1345469298c50e45fd362461209e6de84753d6d3016cfeb319501b03f11801e2ff66638066763c8b375f2f4f98a1aee5096a236dc2c0eee983f60c3de6add96dc9aadf75f2c31c8897d685975fb1e482fd2b313366b72ebe03151ad28a4c1ef57ad7ef7a55220bf3d58d2a2daac963d710c25a260015f1187d70d3e37bbd7bb071462f8e9b739d87b7b10cb2c81b1f302620c6ba69d39dcc5797c9c945074dcbe54653f14f42075ab524a807dd11ab9e01ab1905db69ed2bb8efa7f4be6079363039d9795332234cc296634dba1d71d4ef9e617fd2131602df02b695ea9e8bc5aca0390b424fc4058d9e64b337ac3f66f4b8c786eab031c7e9603e77a1c4792e01020d998047ee0d38388e63a73153018c0d90469bd6b3c7e210c92a4ae3fb77bf9f12b855b552440ed28ea75ea656f46e89fa3b7028c2900b46850ed37e1785cb18c9c1e821c172a0531d163e8c30e4c4ef43a70e3a6c376a82ca6b2a899374a4240ff759c0b1713d881798019ca2ad694dbc908fdedeebe1838532562fcc19f8887cd93fd4ee9c2f331ab2dec1a6a3b4c42d925af6ea502f3c94ba74fcf157164af01387a5708814d00fa1f63d111fd1ee48c60f2e7be0df67c8a74a0e2e4ce8479ca60084b59d94ed70ceb55f2ca22ef0cdbea95508716d98a025a4f31faa79ca34268b0b2ebee2165474f3613d5c8893094ecb3e9f46f208fcce252e65740487c5fcd6a103a698d693d46e2802bf666568ccff50791add336a1ff12b34c88d24b5fda116dee8bf1c54ceb3713aebba6e6cf67318a24ecf12e5c9e7dd89434c0b2dff04a44d283fe825c2b205b33410d9fcea8c6dbbbe3d1a4783dc49c6442a0b71ec7c1c70596d9ef3faf98861dac88af701545873cac1588c08a0137fa213ccce1316cc5a064b00c31dd3f504c5742be64f9a1ece72922b710160b83f604e944a1065678f8236b4d3e47c698fee72577e56caa66383ad3fb289ee05329bf7c1689de80b12416df9856370add53f0f426daccbf1ad230e68d0fc8c310f9df84e7f593236ecb0226a5b7830b43345db3084adfa18d78656abdfa98c313d2292ec844880c299447baa10c9dfd0bc672f1d9da156c3cccc8630cb4234d75e42f94feecc0f229d4ba13081242d72f01456fea48800b719adfb75b24f5d3f36d78be369af36471e2fdd33c61d7627448e0c139218af466c36986e5fd7972b33c4461e638d326a6ae3f6cb7deec53f5b5251ba520dc33fd4627a26b93edef4f01179db334cc6b69c72ad5fffeabef717de2c0e083e4bd95c655cc01fa69bfb7adfee4dfdde615b916ec5af31bf8d919cf44f923b585ac1aefa04f1200e6e0fee2402824ed8177c17a10bb4c7c42680b29bd9a451f87cc6f703c4e33beb933cb7ddb78c1bad71ba9dcc66292bbfbe22d4c46215e0ca502c870bfcb724c065221b5980cb541c537aa0ec56564dd5d6ad511f10dba293770cb368bc34415ac7fe1da4bebbc39e261c6161aa070f80a151898d33b70e88110793fad4515626274d2d69ee9b252f932f760bb45ffaa5a09a8bcf7a953224edd58e1038d9f1fb3bdbab4905d21078b9b2ed050d3c32bdffa9daaa39aeeb62ddab85382760db7f09fa07e87707b7f3249218938ecee57ca009d0ba8fd6d1b65568f55b858319e7c8384a63e959fd0ce299018c4d8292c1ac5f2f9ba9db287a3c1d19de890d331e0953e5c6ffc17ea764cb2b1c88f8ec2996dfeaa6bef98393209b46e8f987cd67d79632c668a7c778b4d6dd321498011fe0a8023c09adcba5bc402d2fe7d72a8c67fd931358ac365631dfaecdc0c0ab9139e5109da0ff222ec2b6fe5e2c18e03beb093948d079798aae994e116231a7b1f8ad2d2ce71c688f9fc33f7fda7b039bb1b0ff71cbb31030befdc7b6653fc996ea5a8308aa73392f486aa5dcb793f976e6edbd2eac0eedb2f7772a09ba49a3c1cbe842ca66a373773c867f7345d88e77955decd3ea186aea857ae72678a88508f20a0e6ee71b9fb8ba3e300409311e42abd6e15c9df98617fd7398d29f5b90901f0cb656778b62ac534ecfa9fa9d5a29fce01365ba1d585ae4a701009a06fbf85d54a6378141df31d7393d95334237cb1e96f16481f2465a59cd1de438e9627c6eff745ec460e60352113c2a02243e9d0b6b77e079f78c3d014dbef2df2986b82e04e1d2b593f48117d0c9b3bee0cf09911819131fffc739aaea57fa02e3dd06bc9da512fd3271e651959d13049e2d4aeeb07ae4a8f2b9ea4a3d9f9598f62ac1be86756197bc8d605d4609b47d89f03eb8f5b413c40e8f8c99f9570c330579c02437fccdfa4e9254cfaadfd64dfb947bcfe99cf1863a41a9839de8197a45593fd92edb209ae8907bf21975cb87dedeac461f73fcfa0c3b22e83049f45403d6cedd27966bf1c01e73ed8b83c1bc8146cc6bba55cc2888042c6f3053cce63d5b59c3d78a4d049570360679ef38617575f5f2554d2d4f3944f3d3ffdcbc6428bed7d4ff41714b53a8abb35f28a36752d12ab4b9536db8c17dc89c53ad79ac94f5eafc2af721bba271b84a1b1c38000247800c13cbe1a4344b695c42ed42bc9b0a55e98bbed81c9392f7d4e1c34181d05bb4acff540dbab4ab36cd2ed7b1bb15ae0de2e0ec848264a8762a676d877cc38282bf41a9ce1dce02bf300c03ca75191b3a23c9835502e62d524388477315133154d95d80dd4773d940fe0dcc4217e5ad8d18ed06740deeb9e17cb30db2947dd10ae0d890a6d3ab294f79b9dfdafb5165c906d9181e60332b839d9e0cf1984d8abdac9a56426adf8315eb07854e1b504312b4ae74bc6f9c0f30a2dea399a564a4f0b7a0ab74557f8ff5b0fd9057e0f67e780ff0b42438def1ff3203f3e5ed727b5abeb65bef6ad16b961f5c31b7fef7e2e0377b0fcaf91b7dc1176c0d981706bee2cb0f80b14f13fd666f5b1bb63efc0a94e4b24b4d33737622a289e82084e45628ecdaf040ca52fdecb4e2c60c3ae45ccaa4214e287e90c7fd47f958d9e5e9a2b9696ad1667c0ea1a9c3d96a4ca0f37ba09791245f62025f2a9009bfb2bb4422bc424cec9344da2fc83cab825a66e219fdf27e607e1fb96a2ad69b20c0d035209c3d93d1af76c7c8f42f0c58a6b8bf4f9f91563a3863510b8695737e4d64fb802ebebaecec1cefcfc57ce4aa4ff7121daef5a95840910d3442c0baedc339afdc02fc41900ae6b13582de8af82ddefe948e1f82c1366cf5fb721f26b92836bf92c48773edbe207401ea2f7c0857e9c431488255124daf89455911a32dee3945b45eaa8d372852fd47dd016b38e3c5726082ca555c9546cf59f3d04e838d2bb4f1fcea21df9a8678674a127f364c5933bc2b182e4c3b94630ea13bed862d6f1c1f0173f78ef6f9ec696450e572f57edbd49ed4609c9d08edc6fbb4e0116a5ef88387c45382c883ad7bab7d8d4c7c5db59a0c480114f936e7c204aa0ffd042ac296b6ed567c2b32cae02759be4cdbd68e33138d2a1864142f4de36b9c83c56a3b41fee13b24480666104b82a94de3567025b3f8421fefd24a42135db467bf533866e70c76869fc46a4e22508d0d05b8e73cf4fff2c5ade9a092a245ec4d8cabb0097556b029a4e18645653bef01b4799c78999daf825de15c079f783c6da0a56471edd2d8978d1d329f206096e1394e8c5878fd2f49a6c4523deaaba4f4de587a73183375c9b214d6b51ae170a66473aa2cf1fdae4618697877a95e165523cec49e7ae1640db71d0ff91e0d6d95851551fc467c83b2881267bd70c06e8d9a0c3dceafae6511dbb106442646d0a64056598d783a0fa0b64c09c01e3555bdd150b3ee86d73841df5c34c486f7601c37f8778d4ad83b7efacbfac82820a28822c58937ac7e5e808472b5c911ccc5d934c8e5ebe990059a865a5590b045426bf937793c77f0d4e564ca02027eced00ecea17d2669557ce4a6492e9524bd715ddd3ad9737a88d1a23c75a2a4c1ae9e82f64beb4f9adb90e89cf5ed0cdae8aa2c66a009cb37547a9baf4db1117484127c64b2b31377873b29288a41856feb4e6a2ae91a9f54ba8d2a3067f9d50c75a3d2d3cced08829af4ac36b80048d431aa98dd24166eb465eb5c769c7b52a715666e3ee8001d20c003a1bd3052590ac12b5bdedad9a0a6c3b3ac15756a44beebf942430c6cb088f50b0a689b0afa1474da5dc1f5585667aa09aa273eb343d28d7ba217151cdef6b52373e6325ad600647d8d8b4417890132673278d7255f291d93a8070e9a281c1d1aeb897249b18df1de30282d5c6da04d12de2e23c6010e3d91beb9bec175847915de2c4c8c06bc8ebbe43981483413bfd19827613945fed30a5d346b7dfcf094a135c65bc396105e3253fd319dea20d5ffe8fef316389f84269d82e6d5cdb379646a6df98fc46f28ebd1df9d299a1fee1ddaed92c873e5ece8441302260f8f57803b03e0faac2ae8b3207e83d6626f42c4a99dbcfd7574b3335f1279acbffc53f8394dd2940adad3830703a369edfff96780ceffdf82b9a1b264aa5b33429dc61d6a6067a344e053d0d79acd7f74e3fececd1f3f5015eb851b4ed17c124a4405f02213afb65c91e8e29f60ebb387c06ac2da80e63b78e36e0a02a2dd405e0584f4ef54e084a62f879b2da434dd39d6712ee69c8fc66ff86e982e9681aac497bfedd91a27e3e43663fb730f6d9d585cccbae53a510112fe1caaf3ecb11e831c4f3ecc5412395176916b3d12cda32a6b5f2535a88c24d562d627772cd31d777a366076334493c67dd1e02fc4fc234dbe986ec9247ffc0e834f37ba735cc382ff8cd2b4241c37ed31573ac58eec85a0985109bca0b685cc5ab97bb97c69d3613df03b519f7ac9d86e2eefaa0f1c34d40476ffa776fee4088efd5ff7c9b6c6d1753b12801b00753f7e080bdd4dc4ea880d2ae04dc26a4cbfba8436b4a487c6021fe8aaf5751f783457962de862e7ead6b02f6266be8ef25d71f857117760f8d447c40c701ae34f464a0ec9d8ed7c7de721c9310a64bf25338228c9ee3a10f5663ee17b8781a789dae4d2cc6a23eed8126ea15a1517dd7bb661a20602881c4c940d8030a127853701777baa2647f43a1fb58371a7a38971527f0a39623bacf5bf37763abea7e23db2c741165fa47930cdc49d148e9a0945a2041f90a9de9671a7c6d4668b05b076b88", 0x1000, r5}, 0x68) (async)

01:36:46 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x68}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:46 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 13)

01:36:46 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3, 0x0, 0x0, 0x200000000000000)

01:36:46 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x27}, 0x0, 0x0)

[  535.567047][T15497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:46 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4, @broadcast}, 0x38) (async)
listen(r0, 0x0) (async)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @multicast1}, 0x10) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1616c0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000001440)=ANY=[], &(0x7f0000000140)=0x8) (async)
r4 = fsmount(r1, 0x0, 0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0x1b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0x8) (async)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x2, 0x1, 0x2, 0xf6c, 0x7}, &(0x7f0000000280)=0x98) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="5f7c27e6fb6b418d4c28c1afb69374", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="9e02769490780008"], 0x0) (async)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/203, 0xcb, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0x40)
setsockopt$sock_void(r2, 0x1, 0x24, 0x0, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7d13}) (async)
ioctl$TUNSETOFFLOAD(r5, 0x400454de, 0x7fffffffefff)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000969000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000894000/0x2000)=nil, &(0x7f0000df8000/0x2000)=nil, &(0x7f0000959000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000e26000/0x3000)=nil, &(0x7f0000c62000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000aa0000/0x1000)=nil, &(0x7f0000000400)="b72ce249d75757ac7077aca72cff1f391250c72cd7c91698342889be440ec18e5d729b5bb77e6edcf6b9698f28f65bfe64c846c1952a0a1e9af2460fee811cc7fea36bb7893c50a9e9ac296c5fbcbe5628aac271387be4bc3e9a2ba8cf631fa5af0094deeb9ac238305d9b36d09c757cee182b3f5454bc93e9c5ab54ef27b8a83d7efc24c53701f25ef93e565d6e60f6f9e8a6ef093b6cf2709f095830b5725a8c78847a91ad1fae3d58339d1801126e4b62659fa427f75027d3f12668e63c2d4a10579bceffdbdf8183884f2b62177ba7f19d4d8ab06c5a9eefb45e9280442d772cc6b66b29784d3adb234d637d614cf4ccd4b9cfa487867e82cf819d205f8f2621def29d974b293ff32310c915a35f19cfaa95bb069249126c0a0bc28e8c083d52ff1c64e10c619c25738f23894eaa5b50b391ba8ef3751be6d869ed0c2e66915bfec5f72ec8b6e5961e6b934ad930d354fb64364d0ed3395f6763e46385456cf65d0213cdffb21819d83f3758ba8a85d5a8af824f73a4405893646e042becdd3bab2ecec8b04033b308ed2fc47aca404c9342465afdcef3da332452c9b0ee420ca7589fcca79f476c61b4a1345469298c50e45fd362461209e6de84753d6d3016cfeb319501b03f11801e2ff66638066763c8b375f2f4f98a1aee5096a236dc2c0eee983f60c3de6add96dc9aadf75f2c31c8897d685975fb1e482fd2b313366b72ebe03151ad28a4c1ef57ad7ef7a55220bf3d58d2a2daac963d710c25a260015f1187d70d3e37bbd7bb071462f8e9b739d87b7b10cb2c81b1f302620c6ba69d39dcc5797c9c945074dcbe54653f14f42075ab524a807dd11ab9e01ab1905db69ed2bb8efa7f4be6079363039d9795332234cc296634dba1d71d4ef9e617fd2131602df02b695ea9e8bc5aca0390b424fc4058d9e64b337ac3f66f4b8c786eab031c7e9603e77a1c4792e01020d998047ee0d38388e63a73153018c0d90469bd6b3c7e210c92a4ae3fb77bf9f12b855b552440ed28ea75ea656f46e89fa3b7028c2900b46850ed37e1785cb18c9c1e821c172a0531d163e8c30e4c4ef43a70e3a6c376a82ca6b2a899374a4240ff759c0b1713d881798019ca2ad694dbc908fdedeebe1838532562fcc19f8887cd93fd4ee9c2f331ab2dec1a6a3b4c42d925af6ea502f3c94ba74fcf157164af01387a5708814d00fa1f63d111fd1ee48c60f2e7be0df67c8a74a0e2e4ce8479ca60084b59d94ed70ceb55f2ca22ef0cdbea95508716d98a025a4f31faa79ca34268b0b2ebee2165474f3613d5c8893094ecb3e9f46f208fcce252e65740487c5fcd6a103a698d693d46e2802bf666568ccff50791add336a1ff12b34c88d24b5fda116dee8bf1c54ceb3713aebba6e6cf67318a24ecf12e5c9e7dd89434c0b2dff04a44d283fe825c2b205b33410d9fcea8c6dbbbe3d1a4783dc49c6442a0b71ec7c1c70596d9ef3faf98861dac88af701545873cac1588c08a0137fa213ccce1316cc5a064b00c31dd3f504c5742be64f9a1ece72922b710160b83f604e944a1065678f8236b4d3e47c698fee72577e56caa66383ad3fb289ee05329bf7c1689de80b12416df9856370add53f0f426daccbf1ad230e68d0fc8c310f9df84e7f593236ecb0226a5b7830b43345db3084adfa18d78656abdfa98c313d2292ec844880c299447baa10c9dfd0bc672f1d9da156c3cccc8630cb4234d75e42f94feecc0f229d4ba13081242d72f01456fea48800b719adfb75b24f5d3f36d78be369af36471e2fdd33c61d7627448e0c139218af466c36986e5fd7972b33c4461e638d326a6ae3f6cb7deec53f5b5251ba520dc33fd4627a26b93edef4f01179db334cc6b69c72ad5fffeabef717de2c0e083e4bd95c655cc01fa69bfb7adfee4dfdde615b916ec5af31bf8d919cf44f923b585ac1aefa04f1200e6e0fee2402824ed8177c17a10bb4c7c42680b29bd9a451f87cc6f703c4e33beb933cb7ddb78c1bad71ba9dcc66292bbfbe22d4c46215e0ca502c870bfcb724c065221b5980cb541c537aa0ec56564dd5d6ad511f10dba293770cb368bc34415ac7fe1da4bebbc39e261c6161aa070f80a151898d33b70e88110793fad4515626274d2d69ee9b252f932f760bb45ffaa5a09a8bcf7a953224edd58e1038d9f1fb3bdbab4905d21078b9b2ed050d3c32bdffa9daaa39aeeb62ddab85382760db7f09fa07e87707b7f3249218938ecee57ca009d0ba8fd6d1b65568f55b858319e7c8384a63e959fd0ce299018c4d8292c1ac5f2f9ba9db287a3c1d19de890d331e0953e5c6ffc17ea764cb2b1c88f8ec2996dfeaa6bef98393209b46e8f987cd67d79632c668a7c778b4d6dd321498011fe0a8023c09adcba5bc402d2fe7d72a8c67fd931358ac365631dfaecdc0c0ab9139e5109da0ff222ec2b6fe5e2c18e03beb093948d079798aae994e116231a7b1f8ad2d2ce71c688f9fc33f7fda7b039bb1b0ff71cbb31030befdc7b6653fc996ea5a8308aa73392f486aa5dcb793f976e6edbd2eac0eedb2f7772a09ba49a3c1cbe842ca66a373773c867f7345d88e77955decd3ea186aea857ae72678a88508f20a0e6ee71b9fb8ba3e300409311e42abd6e15c9df98617fd7398d29f5b90901f0cb656778b62ac534ecfa9fa9d5a29fce01365ba1d585ae4a701009a06fbf85d54a6378141df31d7393d95334237cb1e96f16481f2465a59cd1de438e9627c6eff745ec460e60352113c2a02243e9d0b6b77e079f78c3d014dbef2df2986b82e04e1d2b593f48117d0c9b3bee0cf09911819131fffc739aaea57fa02e3dd06bc9da512fd3271e651959d13049e2d4aeeb07ae4a8f2b9ea4a3d9f9598f62ac1be86756197bc8d605d4609b47d89f03eb8f5b413c40e8f8c99f9570c330579c02437fccdfa4e9254cfaadfd64dfb947bcfe99cf1863a41a9839de8197a45593fd92edb209ae8907bf21975cb87dedeac461f73fcfa0c3b22e83049f45403d6cedd27966bf1c01e73ed8b83c1bc8146cc6bba55cc2888042c6f3053cce63d5b59c3d78a4d049570360679ef38617575f5f2554d2d4f3944f3d3ffdcbc6428bed7d4ff41714b53a8abb35f28a36752d12ab4b9536db8c17dc89c53ad79ac94f5eafc2af721bba271b84a1b1c38000247800c13cbe1a4344b695c42ed42bc9b0a55e98bbed81c9392f7d4e1c34181d05bb4acff540dbab4ab36cd2ed7b1bb15ae0de2e0ec848264a8762a676d877cc38282bf41a9ce1dce02bf300c03ca75191b3a23c9835502e62d524388477315133154d95d80dd4773d940fe0dcc4217e5ad8d18ed06740deeb9e17cb30db2947dd10ae0d890a6d3ab294f79b9dfdafb5165c906d9181e60332b839d9e0cf1984d8abdac9a56426adf8315eb07854e1b504312b4ae74bc6f9c0f30a2dea399a564a4f0b7a0ab74557f8ff5b0fd9057e0f67e780ff0b42438def1ff3203f3e5ed727b5abeb65bef6ad16b961f5c31b7fef7e2e0377b0fcaf91b7dc1176c0d981706bee2cb0f80b14f13fd666f5b1bb63efc0a94e4b24b4d33737622a289e82084e45628ecdaf040ca52fdecb4e2c60c3ae45ccaa4214e287e90c7fd47f958d9e5e9a2b9696ad1667c0ea1a9c3d96a4ca0f37ba09791245f62025f2a9009bfb2bb4422bc424cec9344da2fc83cab825a66e219fdf27e607e1fb96a2ad69b20c0d035209c3d93d1af76c7c8f42f0c58a6b8bf4f9f91563a3863510b8695737e4d64fb802ebebaecec1cefcfc57ce4aa4ff7121daef5a95840910d3442c0baedc339afdc02fc41900ae6b13582de8af82ddefe948e1f82c1366cf5fb721f26b92836bf92c48773edbe207401ea2f7c0857e9c431488255124daf89455911a32dee3945b45eaa8d372852fd47dd016b38e3c5726082ca555c9546cf59f3d04e838d2bb4f1fcea21df9a8678674a127f364c5933bc2b182e4c3b94630ea13bed862d6f1c1f0173f78ef6f9ec696450e572f57edbd49ed4609c9d08edc6fbb4e0116a5ef88387c45382c883ad7bab7d8d4c7c5db59a0c480114f936e7c204aa0ffd042ac296b6ed567c2b32cae02759be4cdbd68e33138d2a1864142f4de36b9c83c56a3b41fee13b24480666104b82a94de3567025b3f8421fefd24a42135db467bf533866e70c76869fc46a4e22508d0d05b8e73cf4fff2c5ade9a092a245ec4d8cabb0097556b029a4e18645653bef01b4799c78999daf825de15c079f783c6da0a56471edd2d8978d1d329f206096e1394e8c5878fd2f49a6c4523deaaba4f4de587a73183375c9b214d6b51ae170a66473aa2cf1fdae4618697877a95e165523cec49e7ae1640db71d0ff91e0d6d95851551fc467c83b2881267bd70c06e8d9a0c3dceafae6511dbb106442646d0a64056598d783a0fa0b64c09c01e3555bdd150b3ee86d73841df5c34c486f7601c37f8778d4ad83b7efacbfac82820a28822c58937ac7e5e808472b5c911ccc5d934c8e5ebe990059a865a5590b045426bf937793c77f0d4e564ca02027eced00ecea17d2669557ce4a6492e9524bd715ddd3ad9737a88d1a23c75a2a4c1ae9e82f64beb4f9adb90e89cf5ed0cdae8aa2c66a009cb37547a9baf4db1117484127c64b2b31377873b29288a41856feb4e6a2ae91a9f54ba8d2a3067f9d50c75a3d2d3cced08829af4ac36b80048d431aa98dd24166eb465eb5c769c7b52a715666e3ee8001d20c003a1bd3052590ac12b5bdedad9a0a6c3b3ac15756a44beebf942430c6cb088f50b0a689b0afa1474da5dc1f5585667aa09aa273eb343d28d7ba217151cdef6b52373e6325ad600647d8d8b4417890132673278d7255f291d93a8070e9a281c1d1aeb897249b18df1de30282d5c6da04d12de2e23c6010e3d91beb9bec175847915de2c4c8c06bc8ebbe43981483413bfd19827613945fed30a5d346b7dfcf094a135c65bc396105e3253fd319dea20d5ffe8fef316389f84269d82e6d5cdb379646a6df98fc46f28ebd1df9d299a1fee1ddaed92c873e5ece8441302260f8f57803b03e0faac2ae8b3207e83d6626f42c4a99dbcfd7574b3335f1279acbffc53f8394dd2940adad3830703a369edfff96780ceffdf82b9a1b264aa5b33429dc61d6a6067a344e053d0d79acd7f74e3fececd1f3f5015eb851b4ed17c124a4405f02213afb65c91e8e29f60ebb387c06ac2da80e63b78e36e0a02a2dd405e0584f4ef54e084a62f879b2da434dd39d6712ee69c8fc66ff86e982e9681aac497bfedd91a27e3e43663fb730f6d9d585cccbae53a510112fe1caaf3ecb11e831c4f3ecc5412395176916b3d12cda32a6b5f2535a88c24d562d627772cd31d777a366076334493c67dd1e02fc4fc234dbe986ec9247ffc0e834f37ba735cc382ff8cd2b4241c37ed31573ac58eec85a0985109bca0b685cc5ab97bb97c69d3613df03b519f7ac9d86e2eefaa0f1c34d40476ffa776fee4088efd5ff7c9b6c6d1753b12801b00753f7e080bdd4dc4ea880d2ae04dc26a4cbfba8436b4a487c6021fe8aaf5751f783457962de862e7ead6b02f6266be8ef25d71f857117760f8d447c40c701ae34f464a0ec9d8ed7c7de721c9310a64bf25338228c9ee3a10f5663ee17b8781a789dae4d2cc6a23eed8126ea15a1517dd7bb661a20602881c4c940d8030a127853701777baa2647f43a1fb58371a7a38971527f0a39623bacf5bf37763abea7e23db2c741165fa47930cdc49d148e9a0945a2041f90a9de9671a7c6d4668b05b076b88", 0x1000, r5}, 0x68)

[  535.743925][T15503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:46 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  535.788276][T15501] FAULT_INJECTION: forcing a failure.
[  535.788276][T15501] name failslab, interval 1, probability 0, space 0, times 0
[  535.837280][T15501] CPU: 0 PID: 15501 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  535.847814][T15501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  535.857861][T15501] Call Trace:
[  535.861128][T15501]  <TASK>
[  535.864048][T15501]  dump_stack_lvl+0xcd/0x134
[  535.868647][T15501]  should_fail.cold+0x5/0xa
[  535.873151][T15501]  should_failslab+0x5/0x10
[  535.877644][T15501]  kmem_cache_alloc_bulk+0x4b/0x720
[  535.882856][T15501]  io_submit_sqes.cold+0x1b9/0x3f2
[  535.887977][T15501]  ? find_held_lock+0x2d/0x110
[  535.892737][T15501]  ? io_apoll_task_func+0x270/0x270
[  535.898316][T15501]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  535.904114][T15501]  __do_sys_io_uring_enter+0x119b/0x21d0
[  535.909776][T15501]  ? io_submit_sqes+0x98b0/0x98b0
[  535.914794][T15501]  ? find_held_lock+0x2d/0x110
[  535.919567][T15501]  ? __context_tracking_exit+0xb8/0xe0
[  535.925043][T15501]  ? lock_downgrade+0x6e0/0x6e0
[  535.929916][T15501]  ? lock_downgrade+0x6e0/0x6e0
[  535.934970][T15501]  ? syscall_enter_from_user_mode+0x21/0x70
[  535.940889][T15501]  do_syscall_64+0x35/0xb0
[  535.945323][T15501]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  535.951221][T15501] RIP: 0033:0x7fb48a0890e9
[  535.955664][T15501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  535.975281][T15501] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  535.983692][T15501] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  535.991653][T15501] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  535.999619][T15501] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  536.007604][T15501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  536.015602][T15501] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  536.023600][T15501]  </TASK>
01:36:46 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:47 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x6c}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  536.186943][T15515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:47 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf0, 0x0, 0x0, 0x200000000000000)

01:36:47 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x28}, 0x0, 0x0)

01:36:47 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 14)

01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0108000000400000"], 0x0)

[  536.466335][T15526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.507048][T15527] FAULT_INJECTION: forcing a failure.
[  536.507048][T15527] name failslab, interval 1, probability 0, space 0, times 0
[  536.521055][T15526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:47 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x74}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  536.618933][T15527] CPU: 0 PID: 15527 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  536.629476][T15527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  536.639542][T15527] Call Trace:
[  536.642816][T15527]  <TASK>
[  536.645737][T15527]  dump_stack_lvl+0xcd/0x134
[  536.650332][T15527]  should_fail.cold+0x5/0xa
[  536.654833][T15527]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  536.660470][T15527]  should_failslab+0x5/0x10
[  536.664988][T15527]  __kmalloc_node+0x75/0x390
[  536.669578][T15527]  memcg_alloc_slab_cgroups+0x8b/0x140
[  536.675034][T15527]  allocate_slab+0x2c9/0x3c0
[  536.679623][T15527]  ___slab_alloc+0x8df/0xf20
[  536.684471][T15527]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  536.689759][T15527]  ? mark_held_locks+0x9f/0xe0
[  536.694534][T15527]  kmem_cache_alloc_bulk+0x21c/0x720
[  536.699827][T15527]  io_submit_sqes.cold+0x1b9/0x3f2
[  536.704945][T15527]  ? find_held_lock+0x2d/0x110
[  536.709714][T15527]  ? io_apoll_task_func+0x270/0x270
[  536.714917][T15527]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  536.720713][T15527]  __do_sys_io_uring_enter+0x119b/0x21d0
[  536.726350][T15527]  ? io_submit_sqes+0x98b0/0x98b0
[  536.731373][T15527]  ? find_held_lock+0x2d/0x110
[  536.736150][T15527]  ? __context_tracking_exit+0xb8/0xe0
[  536.741628][T15527]  ? lock_downgrade+0x6e0/0x6e0
[  536.746496][T15527]  ? lock_downgrade+0x6e0/0x6e0
[  536.752494][T15527]  ? syscall_enter_from_user_mode+0x21/0x70
[  536.758410][T15527]  do_syscall_64+0x35/0xb0
[  536.762833][T15527]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  536.768740][T15527] RIP: 0033:0x7fb48a0890e9
[  536.773184][T15527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  536.792802][T15527] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  536.801221][T15527] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  536.809185][T15527] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0108000000400000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0108000000400000"], 0x0) (async)

01:36:47 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf0, 0x0, 0x0, 0x200000000000000)

[  536.817162][T15527] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  536.825123][T15527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  536.833086][T15527] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  536.841069][T15527]  </TASK>
01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0108000000400000"], 0x0)

[  536.884082][T15536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b88aa91d9018c42908e7684c69fdaa025f6d107b463c7d335f4272e46134de529c541f0000004390ff66f0bacaa6faa85fb148767deab044e07321cd4660817f0f2fd82fd83ce10e6833d84740fc31dd203e48a8adeca4d821663a4208872000000066ba92f062027227aa4872d79d4d6921be2ab4a815a727cc1718bc689ae975b44e6f52969e95aa6e1178f895461b01039f9f2f7e3f932dd10a3333afb29c7a75c5efc89afb922f87ade1"], 0x0)

01:36:47 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b88aa91d9018c42908e7684c69fdaa025f6d107b463c7d335f4272e46134de529c541f0000004390ff66f0bacaa6faa85fb148767deab044e07321cd4660817f0f2fd82fd83ce10e6833d84740fc31dd203e48a8adeca4d821663a4208872000000066ba92f062027227aa4872d79d4d6921be2ab4a815a727cc1718bc689ae975b44e6f52969e95aa6e1178f895461b01039f9f2f7e3f932dd10a3333afb29c7a75c5efc89afb922f87ade1"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b88aa91d9018c42908e7684c69fdaa025f6d107b463c7d335f4272e46134de529c541f0000004390ff66f0bacaa6faa85fb148767deab044e07321cd4660817f0f2fd82fd83ce10e6833d84740fc31dd203e48a8adeca4d821663a4208872000000066ba92f062027227aa4872d79d4d6921be2ab4a815a727cc1718bc689ae975b44e6f52969e95aa6e1178f895461b01039f9f2f7e3f932dd10a3333afb29c7a75c5efc89afb922f87ade1"], 0x0) (async)

01:36:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x29}, 0x0, 0x0)

01:36:48 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 15)

01:36:48 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x700, 0x0, 0x0, 0x200000000000000)

01:36:48 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x7a}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 64)
listen(r0, 0x0) (rerun: 64)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b88aa91d9018c42908e7684c69fdaa025f6d107b463c7d335f4272e46134de529c541f0000004390ff66f0bacaa6faa85fb148767deab044e07321cd4660817f0f2fd82fd83ce10e6833d84740fc31dd203e48a8adeca4d821663a4208872000000066ba92f062027227aa4872d79d4d6921be2ab4a815a727cc1718bc689ae975b44e6f52969e95aa6e1178f895461b01039f9f2f7e3f932dd10a3333afb29c7a75c5efc89afb922f87ade1"], 0x0)

[  537.233930][T15550] FAULT_INJECTION: forcing a failure.
[  537.233930][T15550] name failslab, interval 1, probability 0, space 0, times 0
[  537.272648][T15552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.325344][T15560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.335347][T15550] CPU: 0 PID: 15550 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  537.345899][T15550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  537.355951][T15550] Call Trace:
[  537.359225][T15550]  <TASK>
[  537.362148][T15550]  dump_stack_lvl+0xcd/0x134
[  537.366734][T15550]  should_fail.cold+0x5/0xa
[  537.371228][T15550]  should_failslab+0x5/0x10
[  537.375720][T15550]  kmem_cache_alloc_bulk+0x4b/0x720
[  537.380915][T15550]  io_submit_sqes.cold+0x1b9/0x3f2
[  537.386029][T15550]  ? find_held_lock+0x2d/0x110
[  537.390789][T15550]  ? io_apoll_task_func+0x270/0x270
[  537.395985][T15550]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  537.401780][T15550]  __do_sys_io_uring_enter+0x119b/0x21d0
[  537.407405][T15550]  ? io_submit_sqes+0x98b0/0x98b0
[  537.412417][T15550]  ? find_held_lock+0x2d/0x110
[  537.417170][T15550]  ? __context_tracking_exit+0xb8/0xe0
[  537.422617][T15550]  ? lock_downgrade+0x6e0/0x6e0
[  537.427458][T15550]  ? lock_downgrade+0x6e0/0x6e0
[  537.432307][T15550]  ? syscall_enter_from_user_mode+0x21/0x70
[  537.438197][T15550]  do_syscall_64+0x35/0xb0
[  537.442617][T15550]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  537.448497][T15550] RIP: 0033:0x7fb48a0890e9
[  537.452921][T15550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  537.472539][T15550] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  537.481289][T15550] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  537.489247][T15550] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  537.497210][T15550] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  537.505168][T15550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  537.513126][T15550] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  537.521093][T15550]  </TASK>
[  537.542601][T15552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x112, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x3f, 0x4, 0x0, 0x8, 0x104, 0x66, 0x0, 0xff, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, {[@timestamp_prespec={0x44, 0x4c, 0x6b, 0x3, 0x8, [{@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x30}, 0x721}, {@remote}, {@private=0xa010102, 0x7}, {@remote, 0xcfb6}, {@loopback, 0x5}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x7}, {@broadcast, 0x7}, {@empty, 0x38f}]}, @cipso={0x86, 0x2b, 0x1, [{0x1, 0xf, "fc77eb4c7eb901e8cb080e4835"}, {0x7, 0x5, "b3e86f"}, {0x0, 0x11, "64b6f02d1a305c6d8d422927e64f75"}]}, @cipso={0x86, 0x34, 0x1, [{0x5, 0xd, "00cce503ca986f48b1c073"}, {0x7, 0x5, "baa8cc"}, {0x5, 0xc, "996633db6e18e7906af7"}, {0x1, 0xa, "c4fc772c93b488c2"}, {0xe304cc5496da2dc8, 0x6, "b59a5da8"}]}, @lsrr={0x83, 0x1b, 0xf3, [@remote, @loopback, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x1b}, @multicast1]}, @noop, @lsrr={0x83, 0x1f, 0xca, [@broadcast, @local, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14, 0x14, 0x43}, @empty, @private=0xa010100]}]}}, @address_request={0x11, 0x0, 0x0, 0x441d}}}}}, 0x0)

01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x112, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x3f, 0x4, 0x0, 0x8, 0x104, 0x66, 0x0, 0xff, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, {[@timestamp_prespec={0x44, 0x4c, 0x6b, 0x3, 0x8, [{@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x30}, 0x721}, {@remote}, {@private=0xa010102, 0x7}, {@remote, 0xcfb6}, {@loopback, 0x5}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x7}, {@broadcast, 0x7}, {@empty, 0x38f}]}, @cipso={0x86, 0x2b, 0x1, [{0x1, 0xf, "fc77eb4c7eb901e8cb080e4835"}, {0x7, 0x5, "b3e86f"}, {0x0, 0x11, "64b6f02d1a305c6d8d422927e64f75"}]}, @cipso={0x86, 0x34, 0x1, [{0x5, 0xd, "00cce503ca986f48b1c073"}, {0x7, 0x5, "baa8cc"}, {0x5, 0xc, "996633db6e18e7906af7"}, {0x1, 0xa, "c4fc772c93b488c2"}, {0xe304cc5496da2dc8, 0x6, "b59a5da8"}]}, @lsrr={0x83, 0x1b, 0xf3, [@remote, @loopback, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x1b}, @multicast1]}, @noop, @lsrr={0x83, 0x1f, 0xca, [@broadcast, @local, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14, 0x14, 0x43}, @empty, @private=0xa010100]}]}}, @address_request={0x11, 0x0, 0x0, 0x441d}}}}}, 0x0)

01:36:48 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x700, 0x0, 0x0, 0x200000000000000)

01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x112, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x3f, 0x4, 0x0, 0x8, 0x104, 0x66, 0x0, 0xff, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, {[@timestamp_prespec={0x44, 0x4c, 0x6b, 0x3, 0x8, [{@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x30}, 0x721}, {@remote}, {@private=0xa010102, 0x7}, {@remote, 0xcfb6}, {@loopback, 0x5}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x7}, {@broadcast, 0x7}, {@empty, 0x38f}]}, @cipso={0x86, 0x2b, 0x1, [{0x1, 0xf, "fc77eb4c7eb901e8cb080e4835"}, {0x7, 0x5, "b3e86f"}, {0x0, 0x11, "64b6f02d1a305c6d8d422927e64f75"}]}, @cipso={0x86, 0x34, 0x1, [{0x5, 0xd, "00cce503ca986f48b1c073"}, {0x7, 0x5, "baa8cc"}, {0x5, 0xc, "996633db6e18e7906af7"}, {0x1, 0xa, "c4fc772c93b488c2"}, {0xe304cc5496da2dc8, 0x6, "b59a5da8"}]}, @lsrr={0x83, 0x1b, 0xf3, [@remote, @loopback, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x1b}, @multicast1]}, @noop, @lsrr={0x83, 0x1f, 0xca, [@broadcast, @local, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14, 0x14, 0x43}, @empty, @private=0xa010100]}]}}, @address_request={0x11, 0x0, 0x0, 0x441d}}}}}, 0x0)

01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:48 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:48 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x48}, 0x0, 0x0)

[  537.930082][T15576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:48 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 16)

01:36:48 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
socket$xdp(0x2c, 0x3, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  538.035112][T15579] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.077748][T15582] FAULT_INJECTION: forcing a failure.
[  538.077748][T15582] name failslab, interval 1, probability 0, space 0, times 0
[  538.103404][T15582] CPU: 1 PID: 15582 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  538.113945][T15582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  538.124021][T15582] Call Trace:
[  538.127296][T15582]  <TASK>
[  538.130225][T15582]  dump_stack_lvl+0xcd/0x134
[  538.134830][T15582]  should_fail.cold+0x5/0xa
[  538.139335][T15582]  should_failslab+0x5/0x10
[  538.143833][T15582]  kmem_cache_alloc_bulk+0x4b/0x720
[  538.149036][T15582]  io_submit_sqes.cold+0x1b9/0x3f2
[  538.154152][T15582]  ? find_held_lock+0x2d/0x110
[  538.158912][T15582]  ? io_apoll_task_func+0x270/0x270
[  538.164254][T15582]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  538.170077][T15582]  __do_sys_io_uring_enter+0x119b/0x21d0
[  538.175735][T15582]  ? io_submit_sqes+0x98b0/0x98b0
[  538.180781][T15582]  ? find_held_lock+0x2d/0x110
[  538.185569][T15582]  ? __context_tracking_exit+0xb8/0xe0
[  538.191119][T15582]  ? lock_downgrade+0x6e0/0x6e0
[  538.195979][T15582]  ? lock_downgrade+0x6e0/0x6e0
[  538.200837][T15582]  ? syscall_enter_from_user_mode+0x21/0x70
[  538.206726][T15582]  do_syscall_64+0x35/0xb0
[  538.211148][T15582]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  538.217033][T15582] RIP: 0033:0x7fb48a0890e9
[  538.221435][T15582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  538.241045][T15582] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  538.249479][T15582] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  538.257451][T15582] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  538.265423][T15582] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  538.273390][T15582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  538.281359][T15582] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  538.289531][T15582]  </TASK>
01:36:49 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1f00, 0x0, 0x0, 0x200000000000000)

01:36:49 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x2}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
socket$xdp(0x2c, 0x3, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000b1e2f13018bfceaf5783c24ca7bf7800000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  538.417849][T15588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000b1e2f13018bfceaf5783c24ca7bf7800000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:49 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1f00, 0x0, 0x0, 0x200000000000000)

01:36:49 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x4c}, 0x0, 0x0)

01:36:49 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 17)

01:36:49 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x3}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:49 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 64)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (rerun: 64)
getsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000028000000b1e2f13018bfceaf5783c24ca7bf7800000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  538.771826][T15602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.806617][T15607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.831527][T15608] FAULT_INJECTION: forcing a failure.
[  538.831527][T15608] name failslab, interval 1, probability 0, space 0, times 0
[  538.856219][T15602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.886085][T15608] CPU: 0 PID: 15608 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  538.896620][T15608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  538.906682][T15608] Call Trace:
[  538.909983][T15608]  <TASK>
[  538.912926][T15608]  dump_stack_lvl+0xcd/0x134
[  538.917707][T15608]  should_fail.cold+0x5/0xa
[  538.922249][T15608]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  538.927894][T15608]  should_failslab+0x5/0x10
[  538.932412][T15608]  __kmalloc_node+0x75/0x390
[  538.937021][T15608]  memcg_alloc_slab_cgroups+0x8b/0x140
[  538.942606][T15608]  allocate_slab+0x2c9/0x3c0
[  538.947196][T15608]  ___slab_alloc+0x8df/0xf20
[  538.952310][T15608]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  538.957608][T15608]  ? mark_held_locks+0x9f/0xe0
[  538.962390][T15608]  kmem_cache_alloc_bulk+0x21c/0x720
[  538.967695][T15608]  io_submit_sqes.cold+0x1b9/0x3f2
[  538.972824][T15608]  ? find_held_lock+0x2d/0x110
[  538.977584][T15608]  ? io_apoll_task_func+0x270/0x270
[  538.982904][T15608]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  538.988755][T15608]  __do_sys_io_uring_enter+0x119b/0x21d0
[  538.994424][T15608]  ? io_submit_sqes+0x98b0/0x98b0
[  538.999536][T15608]  ? find_held_lock+0x2d/0x110
[  539.004410][T15608]  ? __context_tracking_exit+0xb8/0xe0
[  539.009879][T15608]  ? lock_downgrade+0x6e0/0x6e0
[  539.014746][T15608]  ? lock_downgrade+0x6e0/0x6e0
[  539.019607][T15608]  ? syscall_enter_from_user_mode+0x21/0x70
[  539.025772][T15608]  do_syscall_64+0x35/0xb0
[  539.030216][T15608]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  539.036117][T15608] RIP: 0033:0x7fb48a0890e9
[  539.040675][T15608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  539.060372][T15608] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  539.068959][T15608] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  539.076944][T15608] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
sendto$inet(r1, &(0x7f0000000000)="50e1652bd66250a2dded552386570c65ff01d29b06b6f9662aa46f4b0de300f96282672f28f0e453c42644013ce7a1a1f50b32bef7bb7e36b01f9b327553817be57c40f2f215848b9c79d03d7500f89a00ed06303548fdca12a4b1ac877a943768290edfd5589b49bc9c58300dbb16ed2dac3de4386233c3fef9edbe7c1101d7402ab7ee0860c0ee990d4b09315445ee31e21b9a433c6c97391fd1d7dc757f45e903cabbadc79bf1a56740e76270a4d1388fc176186fcde3a160b6206b4fbc8c4db336ce8d06e437cc21497b571a89cc27d5761aad1087a400fb2b55fd5778952ed12ab16a", 0xe5, 0x20004014, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  539.084918][T15608] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  539.092886][T15608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  539.100853][T15608] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  539.108905][T15608]  </TASK>
01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
sendto$inet(r1, &(0x7f0000000000)="50e1652bd66250a2dded552386570c65ff01d29b06b6f9662aa46f4b0de300f96282672f28f0e453c42644013ce7a1a1f50b32bef7bb7e36b01f9b327553817be57c40f2f215848b9c79d03d7500f89a00ed06303548fdca12a4b1ac877a943768290edfd5589b49bc9c58300dbb16ed2dac3de4386233c3fef9edbe7c1101d7402ab7ee0860c0ee990d4b09315445ee31e21b9a433c6c97391fd1d7dc757f45e903cabbadc79bf1a56740e76270a4d1388fc176186fcde3a160b6206b4fbc8c4db336ce8d06e437cc21497b571a89cc27d5761aad1087a400fb2b55fd5778952ed12ab16a", 0xe5, 0x20004014, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:50 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2000, 0x0, 0x0, 0x200000000000000)

01:36:50 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x4}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
sendto$inet(r1, &(0x7f0000000000)="50e1652bd66250a2dded552386570c65ff01d29b06b6f9662aa46f4b0de300f96282672f28f0e453c42644013ce7a1a1f50b32bef7bb7e36b01f9b327553817be57c40f2f215848b9c79d03d7500f89a00ed06303548fdca12a4b1ac877a943768290edfd5589b49bc9c58300dbb16ed2dac3de4386233c3fef9edbe7c1101d7402ab7ee0860c0ee990d4b09315445ee31e21b9a433c6c97391fd1d7dc757f45e903cabbadc79bf1a56740e76270a4d1388fc176186fcde3a160b6206b4fbc8c4db336ce8d06e437cc21497b571a89cc27d5761aad1087a400fb2b55fd5778952ed12ab16a", 0xe5, 0x20004014, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
sendto$inet(r1, &(0x7f0000000000)="50e1652bd66250a2dded552386570c65ff01d29b06b6f9662aa46f4b0de300f96282672f28f0e453c42644013ce7a1a1f50b32bef7bb7e36b01f9b327553817be57c40f2f215848b9c79d03d7500f89a00ed06303548fdca12a4b1ac877a943768290edfd5589b49bc9c58300dbb16ed2dac3de4386233c3fef9edbe7c1101d7402ab7ee0860c0ee990d4b09315445ee31e21b9a433c6c97391fd1d7dc757f45e903cabbadc79bf1a56740e76270a4d1388fc176186fcde3a160b6206b4fbc8c4db336ce8d06e437cc21497b571a89cc27d5761aad1087a400fb2b55fd5778952ed12ab16a", 0xe5, 0x20004014, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

01:36:50 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x60}, 0x0, 0x0)

01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450a0028000054a90476f6ba07a16d3215f5832100000006", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  539.420919][T15625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.548637][T15632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.587527][T15632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:50 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2000, 0x0, 0x0, 0x200000000000000)

01:36:50 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 18)

01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450a0028000054a90476f6ba07a16d3215f5832100000006", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450a0028000054a90476f6ba07a16d3215f5832100000006", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)

[  539.674234][T15638] FAULT_INJECTION: forcing a failure.
[  539.674234][T15638] name failslab, interval 1, probability 0, space 0, times 0
[  539.769204][T15638] CPU: 1 PID: 15638 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  539.779844][T15638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  539.789913][T15638] Call Trace:
[  539.793185][T15638]  <TASK>
[  539.796218][T15638]  dump_stack_lvl+0xcd/0x134
[  539.800830][T15638]  should_fail.cold+0x5/0xa
[  539.805364][T15638]  should_failslab+0x5/0x10
[  539.809874][T15638]  kmem_cache_alloc_bulk+0x4b/0x720
[  539.815108][T15638]  io_submit_sqes.cold+0x1b9/0x3f2
[  539.820240][T15638]  ? find_held_lock+0x2d/0x110
[  539.825025][T15638]  ? io_apoll_task_func+0x270/0x270
[  539.830237][T15638]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  539.836070][T15638]  __do_sys_io_uring_enter+0x119b/0x21d0
[  539.841728][T15638]  ? io_submit_sqes+0x98b0/0x98b0
[  539.846759][T15638]  ? find_held_lock+0x2d/0x110
[  539.851549][T15638]  ? __context_tracking_exit+0xb8/0xe0
[  539.857048][T15638]  ? lock_downgrade+0x6e0/0x6e0
[  539.861921][T15638]  ? lock_downgrade+0x6e0/0x6e0
[  539.866803][T15638]  ? syscall_enter_from_user_mode+0x21/0x70
[  539.872716][T15638]  do_syscall_64+0x35/0xb0
[  539.877165][T15638]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  539.883076][T15638] RIP: 0033:0x7fb48a0890e9
[  539.887581][T15638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  539.907314][T15638] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
01:36:50 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x5}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450a0028000054a90476f6ba07a16d3215f5832100000006", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  539.915749][T15638] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  539.923838][T15638] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  539.931903][T15638] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  539.940067][T15638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  539.948045][T15638] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  539.956044][T15638]  </TASK>
01:36:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:50 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x68}, 0x0, 0x0)

[  540.024772][T15650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.177354][T15654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.231394][T15654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:51 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3ff, 0x0, 0x0, 0x200000000000000)

01:36:51 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:51 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 19)

01:36:51 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x6}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:51 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  540.427830][T15659] FAULT_INJECTION: forcing a failure.
[  540.427830][T15659] name failslab, interval 1, probability 0, space 0, times 0
[  540.441066][T15662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.502022][T15659] CPU: 0 PID: 15659 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  540.512544][T15659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  540.522591][T15659] Call Trace:
[  540.525860][T15659]  <TASK>
[  540.528778][T15659]  dump_stack_lvl+0xcd/0x134
[  540.533377][T15659]  should_fail.cold+0x5/0xa
[  540.538142][T15659]  should_failslab+0x5/0x10
[  540.542641][T15659]  kmem_cache_alloc_bulk+0x4b/0x720
[  540.547844][T15659]  io_submit_sqes.cold+0x1b9/0x3f2
[  540.552962][T15659]  ? find_held_lock+0x2d/0x110
[  540.557721][T15659]  ? io_apoll_task_func+0x270/0x270
[  540.562933][T15659]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  540.568749][T15659]  __do_sys_io_uring_enter+0x119b/0x21d0
[  540.574394][T15659]  ? io_submit_sqes+0x98b0/0x98b0
[  540.579416][T15659]  ? find_held_lock+0x2d/0x110
[  540.584182][T15659]  ? __context_tracking_exit+0xb8/0xe0
[  540.589639][T15659]  ? lock_downgrade+0x6e0/0x6e0
[  540.594489][T15659]  ? lock_downgrade+0x6e0/0x6e0
[  540.599346][T15659]  ? syscall_enter_from_user_mode+0x21/0x70
[  540.605242][T15659]  do_syscall_64+0x35/0xb0
[  540.609661][T15659]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  540.615551][T15659] RIP: 0033:0x7fb48a0890e9
[  540.619959][T15659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  540.639559][T15659] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  540.647966][T15659] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  540.655935][T15659] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  540.663898][T15659] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  540.672123][T15659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  540.680089][T15659] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  540.688068][T15659]  </TASK>
01:36:51 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3ff, 0x0, 0x0, 0x200000000000000)

01:36:51 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x6c}, 0x0, 0x0)

01:36:51 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x84, &(0x7f0000000140)={@local, @multicast, @val={@void, {0x8100, 0x4, 0x0, 0x4}}, {@mpls_uc={0x8847, {[{0x0, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x702d}, {0xffffa}, {0x4, 0x0, 0x1}, {0xc7f9}, {0x7ff, 0x0, 0x1}], @ipv4=@igmp={{0xc, 0x4, 0x3, 0x8, 0x56, 0x68, 0x0, 0x1, 0x2, 0x0, @remote, @multicast2, {[@timestamp={0x44, 0x14, 0xf0, 0x0, 0x0, [0x6, 0x5, 0x200, 0x8]}, @noop, @noop, @ra={0x94, 0x4}]}}, {0x1f, 0x81, 0x0, @loopback, "be04b1d3369c796af90b9f80c5bb11b8bdca5084e2d10300776e6c25b323"}}}}}}, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)

01:36:51 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 20)

01:36:51 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x7}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  540.862803][T15672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:51 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x84, &(0x7f0000000140)={@local, @multicast, @val={@void, {0x8100, 0x4, 0x0, 0x4}}, {@mpls_uc={0x8847, {[{0x0, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x702d}, {0xffffa}, {0x4, 0x0, 0x1}, {0xc7f9}, {0x7ff, 0x0, 0x1}], @ipv4=@igmp={{0xc, 0x4, 0x3, 0x8, 0x56, 0x68, 0x0, 0x1, 0x2, 0x0, @remote, @multicast2, {[@timestamp={0x44, 0x14, 0xf0, 0x0, 0x0, [0x6, 0x5, 0x200, 0x8]}, @noop, @noop, @ra={0x94, 0x4}]}}, {0x1f, 0x81, 0x0, @loopback, "be04b1d3369c796af90b9f80c5bb11b8bdca5084e2d10300776e6c25b323"}}}}}}, 0x0) (async)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)

[  540.968978][T15680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.998401][T15672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.013298][T15678] FAULT_INJECTION: forcing a failure.
01:36:51 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x84, &(0x7f0000000140)={@local, @multicast, @val={@void, {0x8100, 0x4, 0x0, 0x4}}, {@mpls_uc={0x8847, {[{0x0, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x702d}, {0xffffa}, {0x4, 0x0, 0x1}, {0xc7f9}, {0x7ff, 0x0, 0x1}], @ipv4=@igmp={{0xc, 0x4, 0x3, 0x8, 0x56, 0x68, 0x0, 0x1, 0x2, 0x0, @remote, @multicast2, {[@timestamp={0x44, 0x14, 0xf0, 0x0, 0x0, [0x6, 0x5, 0x200, 0x8]}, @noop, @noop, @ra={0x94, 0x4}]}}, {0x1f, 0x81, 0x0, @loopback, "be04b1d3369c796af90b9f80c5bb11b8bdca5084e2d10300776e6c25b323"}}}}}}, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)

[  541.013298][T15678] name failslab, interval 1, probability 0, space 0, times 0
[  541.050440][T15678] CPU: 0 PID: 15678 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  541.060982][T15678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  541.071144][T15678] Call Trace:
[  541.074409][T15678]  <TASK>
[  541.077328][T15678]  dump_stack_lvl+0xcd/0x134
[  541.081916][T15678]  should_fail.cold+0x5/0xa
[  541.086412][T15678]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  541.092040][T15678]  should_failslab+0x5/0x10
[  541.096538][T15678]  __kmalloc_node+0x75/0x390
[  541.101120][T15678]  memcg_alloc_slab_cgroups+0x8b/0x140
[  541.106572][T15678]  allocate_slab+0x2c9/0x3c0
[  541.111196][T15678]  ___slab_alloc+0x8df/0xf20
[  541.115814][T15678]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  541.121098][T15678]  ? mark_held_locks+0x9f/0xe0
[  541.125995][T15678]  kmem_cache_alloc_bulk+0x21c/0x720
[  541.131300][T15678]  io_submit_sqes.cold+0x1b9/0x3f2
[  541.136434][T15678]  ? find_held_lock+0x2d/0x110
[  541.141205][T15678]  ? io_apoll_task_func+0x270/0x270
[  541.146432][T15678]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  541.152236][T15678]  __do_sys_io_uring_enter+0x119b/0x21d0
[  541.157882][T15678]  ? io_submit_sqes+0x98b0/0x98b0
[  541.162906][T15678]  ? find_held_lock+0x2d/0x110
[  541.167674][T15678]  ? __context_tracking_exit+0xb8/0xe0
[  541.173122][T15678]  ? lock_downgrade+0x6e0/0x6e0
[  541.177966][T15678]  ? lock_downgrade+0x6e0/0x6e0
[  541.182813][T15678]  ? syscall_enter_from_user_mode+0x21/0x70
[  541.188714][T15678]  do_syscall_64+0x35/0xb0
[  541.193161][T15678]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  541.199071][T15678] RIP: 0033:0x7fb48a0890e9
[  541.203488][T15678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  541.223095][T15678] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  541.231503][T15678] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  541.239612][T15678] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  541.247579][T15678] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  541.255539][T15678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  541.263498][T15678] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  541.271469][T15678]  </TASK>
01:36:52 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf000, 0x0, 0x0, 0x200000000000000)

01:36:52 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)

01:36:52 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 21)

01:36:52 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x8}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:52 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) (async)

[  541.484315][T15692] FAULT_INJECTION: forcing a failure.
[  541.484315][T15692] name failslab, interval 1, probability 0, space 0, times 0
[  541.544855][T15697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.634127][T15692] CPU: 0 PID: 15692 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  541.644672][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  541.654743][T15692] Call Trace:
[  541.658034][T15692]  <TASK>
[  541.660973][T15692]  dump_stack_lvl+0xcd/0x134
[  541.665588][T15692]  should_fail.cold+0x5/0xa
[  541.670112][T15692]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  541.675760][T15692]  should_failslab+0x5/0x10
[  541.680283][T15692]  __kmalloc_node+0x75/0x390
[  541.684894][T15692]  memcg_alloc_slab_cgroups+0x8b/0x140
[  541.690375][T15692]  allocate_slab+0x2c9/0x3c0
[  541.694986][T15692]  ___slab_alloc+0x8df/0xf20
[  541.699597][T15692]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  541.704909][T15692]  ? mark_held_locks+0x9f/0xe0
[  541.709703][T15692]  kmem_cache_alloc_bulk+0x21c/0x720
[  541.715021][T15692]  io_submit_sqes.cold+0x1b9/0x3f2
[  541.720188][T15692]  ? find_held_lock+0x2d/0x110
[  541.724972][T15692]  ? io_apoll_task_func+0x270/0x270
[  541.730204][T15692]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  541.736024][T15692]  __do_sys_io_uring_enter+0x119b/0x21d0
[  541.741689][T15692]  ? io_submit_sqes+0x98b0/0x98b0
[  541.746731][T15692]  ? find_held_lock+0x2d/0x110
[  541.751526][T15692]  ? __context_tracking_exit+0xb8/0xe0
[  541.757003][T15692]  ? lock_downgrade+0x6e0/0x6e0
[  541.761881][T15692]  ? lock_downgrade+0x6e0/0x6e0
[  541.766771][T15692]  ? syscall_enter_from_user_mode+0x21/0x70
[  541.772721][T15692]  do_syscall_64+0x35/0xb0
[  541.777184][T15692]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  541.783187][T15692] RIP: 0033:0x7fb48a0890e9
[  541.787610][T15692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  541.807324][T15692] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  541.815836][T15692] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  541.823932][T15692] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  541.831889][T15692] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  541.839869][T15692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  541.847822][T15692] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  541.855803][T15692]  </TASK>
01:36:52 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x74}, 0x0, 0x0)

01:36:52 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)

01:36:52 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf000, 0x0, 0x0, 0x200000000000000)

01:36:52 executing program 3:
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)={0x2b, 0x8, '\x00', [@generic={0x0, 0x3c, "87a5b1e1014bfd5d3e5f8d05e2f7e7f935e1bb4ab12ec05eb091a9ec42910fde8f10d8cf8f2da23f8c7cbca7dee5e4a4aa68242968c021cd5aec19f3"}, @jumbo={0xc2, 0x4, 0x2a}]}, 0x50)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450000280000ebffff0590780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200b840e2bfde"], 0x0)

01:36:52 executing program 3:
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)={0x2b, 0x8, '\x00', [@generic={0x0, 0x3c, "87a5b1e1014bfd5d3e5f8d05e2f7e7f935e1bb4ab12ec05eb091a9ec42910fde8f10d8cf8f2da23f8c7cbca7dee5e4a4aa68242968c021cd5aec19f3"}, @jumbo={0xc2, 0x4, 0x2a}]}, 0x50) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450000280000ebffff0590780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200b840e2bfde"], 0x0)

[  541.931821][T15710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  541.965824][T15710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:52 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x9}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:53 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 22)

[  542.143988][T15720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.216377][T15722] FAULT_INJECTION: forcing a failure.
[  542.216377][T15722] name failslab, interval 1, probability 0, space 0, times 0
[  542.253094][T15722] CPU: 1 PID: 15722 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  542.263654][T15722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  542.273732][T15722] Call Trace:
[  542.277018][T15722]  <TASK>
[  542.279948][T15722]  dump_stack_lvl+0xcd/0x134
[  542.284583][T15722]  should_fail.cold+0x5/0xa
[  542.289128][T15722]  should_failslab+0x5/0x10
[  542.293668][T15722]  kmem_cache_alloc_bulk+0x4b/0x720
[  542.298905][T15722]  io_submit_sqes.cold+0x1b9/0x3f2
[  542.304062][T15722]  ? find_held_lock+0x2d/0x110
[  542.308854][T15722]  ? io_apoll_task_func+0x270/0x270
[  542.314096][T15722]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  542.319924][T15722]  __do_sys_io_uring_enter+0x119b/0x21d0
[  542.325597][T15722]  ? io_submit_sqes+0x98b0/0x98b0
[  542.330650][T15722]  ? find_held_lock+0x2d/0x110
[  542.335440][T15722]  ? __context_tracking_exit+0xb8/0xe0
[  542.340924][T15722]  ? lock_downgrade+0x6e0/0x6e0
[  542.345801][T15722]  ? lock_downgrade+0x6e0/0x6e0
[  542.350693][T15722]  ? syscall_enter_from_user_mode+0x21/0x70
[  542.356618][T15722]  do_syscall_64+0x35/0xb0
[  542.361073][T15722]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  542.366990][T15722] RIP: 0033:0x7fb48a0890e9
[  542.371419][T15722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  542.391044][T15722] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  542.399479][T15722] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  542.407464][T15722] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  542.415447][T15722] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  542.423429][T15722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  542.431415][T15722] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  542.439419][T15722]  </TASK>
01:36:53 executing program 3:
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)={0x2b, 0x8, '\x00', [@generic={0x0, 0x3c, "87a5b1e1014bfd5d3e5f8d05e2f7e7f935e1bb4ab12ec05eb091a9ec42910fde8f10d8cf8f2da23f8c7cbca7dee5e4a4aa68242968c021cd5aec19f3"}, @jumbo={0xc2, 0x4, 0x2a}]}, 0x50)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450000280000ebffff0590780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200b840e2bfde"], 0x0)

01:36:53 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xffe3, 0x0, 0x0, 0x200000000000000)

01:36:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x7a}, 0x0, 0x0)

01:36:53 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000))
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x10100, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
listen(r2, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='dz\x00\x00\x00\x00\x00\x00'], 0x0)

01:36:53 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0xe}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  542.630313][T15729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.683067][T15732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:53 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 23)

01:36:53 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000))
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x10100, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
listen(r2, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='dz\x00\x00\x00\x00\x00\x00'], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x10100, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async)
listen(r2, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='dz\x00\x00\x00\x00\x00\x00'], 0x0) (async)

[  542.742896][T15729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:53 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xffe3, 0x0, 0x0, 0x200000000000000)

[  542.837106][T15737] FAULT_INJECTION: forcing a failure.
[  542.837106][T15737] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  542.889348][T15737] CPU: 1 PID: 15737 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  542.899884][T15737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  542.909936][T15737] Call Trace:
[  542.913224][T15737]  <TASK>
[  542.916160][T15737]  dump_stack_lvl+0xcd/0x134
[  542.920790][T15737]  should_fail.cold+0x5/0xa
[  542.925293][T15737]  prepare_alloc_pages+0x17b/0x570
[  542.930405][T15737]  __alloc_pages+0x12f/0x500
[  542.936119][T15737]  ? __alloc_pages_slowpath.constprop.0+0x20e0/0x20e0
[  542.942886][T15737]  ? kmem_cache_alloc_bulk+0x21c/0x720
[  542.948350][T15737]  alloc_pages+0x1aa/0x310
[  542.952802][T15737]  ? mark_held_locks+0x9f/0xe0
[  542.957585][T15737]  allocate_slab+0x26c/0x3c0
[  542.962182][T15737]  ___slab_alloc+0x8df/0xf20
[  542.966788][T15737]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  542.972092][T15737]  ? mark_held_locks+0x9f/0xe0
[  542.976865][T15737]  kmem_cache_alloc_bulk+0x21c/0x720
[  542.982166][T15737]  io_submit_sqes.cold+0x1b9/0x3f2
[  542.987309][T15737]  ? find_held_lock+0x2d/0x110
[  542.992089][T15737]  ? io_apoll_task_func+0x270/0x270
[  542.997302][T15737]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  543.003097][T15737]  __do_sys_io_uring_enter+0x119b/0x21d0
[  543.008738][T15737]  ? io_submit_sqes+0x98b0/0x98b0
[  543.013768][T15737]  ? find_held_lock+0x2d/0x110
[  543.018523][T15737]  ? __context_tracking_exit+0xb8/0xe0
[  543.023977][T15737]  ? lock_downgrade+0x6e0/0x6e0
[  543.028829][T15737]  ? lock_downgrade+0x6e0/0x6e0
[  543.033698][T15737]  ? syscall_enter_from_user_mode+0x21/0x70
[  543.039587][T15737]  do_syscall_64+0x35/0xb0
[  543.044002][T15737]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  543.049886][T15737] RIP: 0033:0x7fb48a0890e9
[  543.054288][T15737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  543.074143][T15737] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  543.082547][T15737] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
01:36:54 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0xc0}, 0x0, 0x0)

[  543.090511][T15737] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  543.098472][T15737] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  543.106429][T15737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  543.114498][T15737] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  543.122475][T15737]  </TASK>
01:36:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x10100, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async, rerun: 32)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
listen(r2, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='dz\x00\x00\x00\x00\x00\x00'], 0x0)

01:36:54 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0xf}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  543.237748][T15752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.280673][T15755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:54 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 24)

[  543.373180][T15752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.437506][T15762] FAULT_INJECTION: forcing a failure.
[  543.437506][T15762] name failslab, interval 1, probability 0, space 0, times 0
[  543.478910][T15762] CPU: 1 PID: 15762 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  543.489458][T15762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  543.499517][T15762] Call Trace:
[  543.502799][T15762]  <TASK>
[  543.505745][T15762]  dump_stack_lvl+0xcd/0x134
[  543.510335][T15762]  should_fail.cold+0x5/0xa
[  543.514834][T15762]  ? memcg_alloc_slab_cgroups+0x8b/0x140
[  543.520459][T15762]  should_failslab+0x5/0x10
[  543.524954][T15762]  __kmalloc_node+0x75/0x390
[  543.529538][T15762]  memcg_alloc_slab_cgroups+0x8b/0x140
[  543.534992][T15762]  allocate_slab+0x2c9/0x3c0
[  543.539580][T15762]  ___slab_alloc+0x8df/0xf20
[  543.544201][T15762]  ? io_submit_sqes.cold+0x1b9/0x3f2
[  543.549515][T15762]  ? mark_held_locks+0x9f/0xe0
[  543.554301][T15762]  kmem_cache_alloc_bulk+0x21c/0x720
[  543.559587][T15762]  io_submit_sqes.cold+0x1b9/0x3f2
[  543.564726][T15762]  ? find_held_lock+0x2d/0x110
[  543.569504][T15762]  ? io_apoll_task_func+0x270/0x270
[  543.574708][T15762]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  543.580508][T15762]  __do_sys_io_uring_enter+0x119b/0x21d0
[  543.586149][T15762]  ? io_submit_sqes+0x98b0/0x98b0
[  543.591172][T15762]  ? find_held_lock+0x2d/0x110
[  543.595936][T15762]  ? __context_tracking_exit+0xb8/0xe0
[  543.601404][T15762]  ? lock_downgrade+0x6e0/0x6e0
[  543.606279][T15762]  ? lock_downgrade+0x6e0/0x6e0
[  543.611138][T15762]  ? syscall_enter_from_user_mode+0x21/0x70
[  543.617034][T15762]  do_syscall_64+0x35/0xb0
[  543.621448][T15762]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  543.627349][T15762] RIP: 0033:0x7fb48a0890e9
[  543.631759][T15762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  543.651359][T15762] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  543.659939][T15762] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  543.667904][T15762] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
01:36:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000))
listen(r0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbabbb08004500e72800000000000000780a010102ac1414aa9beec95d76c662b80e2a00004e220ba13d1c222c9c4b9f26d584dd0eee1930809e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200009878d216192d22665287830000"], 0x0)

[  543.675866][T15762] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  543.683832][T15762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  543.691796][T15762] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  543.699772][T15762]  </TASK>
01:36:54 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x80000, 0x0, 0x0, 0x200000000000000)

01:36:54 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x11}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000))
listen(r0, 0x0) (async, rerun: 32)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) (rerun: 32)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbabbb08004500e72800000000000000780a010102ac1414aa9beec95d76c662b80e2a00004e220ba13d1c222c9c4b9f26d584dd0eee1930809e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200009878d216192d22665287830000"], 0x0)

01:36:54 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)

[  543.868188][T15769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:54 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) (async, rerun: 64)
listen(r0, 0x0) (rerun: 64)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) (async, rerun: 32)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbabbb08004500e72800000000000000780a010102ac1414aa9beec95d76c662b80e2a00004e220ba13d1c222c9c4b9f26d584dd0eee1930809e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0200009878d216192d22665287830000"], 0x0) (rerun: 32)

01:36:54 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x80000, 0x0, 0x0, 0x200000000000000)

[  544.025551][T15777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:54 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 25)

[  544.069561][T15777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @random="557d6f5401d1", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x3}}}}}}, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10)

01:36:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @random="557d6f5401d1", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x3}}}}}}, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @random="557d6f5401d1", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x3}}}}}}, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10) (async)

01:36:55 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x12}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  544.191599][T15780] FAULT_INJECTION: forcing a failure.
[  544.191599][T15780] name failslab, interval 1, probability 0, space 0, times 0
[  544.268059][T15789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  544.288131][T15780] CPU: 1 PID: 15780 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  544.298654][T15780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  544.308717][T15780] Call Trace:
[  544.311997][T15780]  <TASK>
[  544.314917][T15780]  dump_stack_lvl+0xcd/0x134
[  544.319511][T15780]  should_fail.cold+0x5/0xa
[  544.324044][T15780]  should_failslab+0x5/0x10
[  544.328541][T15780]  kmem_cache_alloc_bulk+0x4b/0x720
[  544.333737][T15780]  io_submit_sqes.cold+0x1b9/0x3f2
[  544.338868][T15780]  ? find_held_lock+0x2d/0x110
[  544.343642][T15780]  ? io_apoll_task_func+0x270/0x270
[  544.348836][T15780]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  544.354644][T15780]  __do_sys_io_uring_enter+0x119b/0x21d0
[  544.360272][T15780]  ? io_submit_sqes+0x98b0/0x98b0
[  544.365284][T15780]  ? find_held_lock+0x2d/0x110
[  544.370041][T15780]  ? __context_tracking_exit+0xb8/0xe0
[  544.375488][T15780]  ? lock_downgrade+0x6e0/0x6e0
[  544.380327][T15780]  ? lock_downgrade+0x6e0/0x6e0
[  544.385173][T15780]  ? syscall_enter_from_user_mode+0x21/0x70
[  544.391058][T15780]  do_syscall_64+0x35/0xb0
[  544.395515][T15780]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  544.401396][T15780] RIP: 0033:0x7fb48a0890e9
[  544.405798][T15780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  544.425391][T15780] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  544.433788][T15780] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  544.441741][T15780] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  544.449694][T15780] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  544.457648][T15780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:36:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @random="557d6f5401d1", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x3}}}}}}, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10)

[  544.465601][T15780] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  544.473567][T15780]  </TASK>
01:36:55 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x2}, 0x0, 0x0)

01:36:55 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf0ffff, 0x0, 0x0, 0x200000000000000)

01:36:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000000)=0x3, 0x4)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:55 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 26)

01:36:55 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x14}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  544.729051][T15797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  544.767953][T15797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:55 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000000)=0x3, 0x4)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040), 0x0) (async)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000000)=0x3, 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  544.810046][T15801] FAULT_INJECTION: forcing a failure.
[  544.810046][T15801] name failslab, interval 1, probability 0, space 0, times 0
[  544.826808][T15803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  544.933926][T15801] CPU: 1 PID: 15801 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  544.944476][T15801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  544.954547][T15801] Call Trace:
[  544.957837][T15801]  <TASK>
[  544.960784][T15801]  dump_stack_lvl+0xcd/0x134
[  544.970269][T15801]  should_fail.cold+0x5/0xa
[  544.974806][T15801]  should_failslab+0x5/0x10
[  544.979309][T15801]  kmem_cache_alloc_bulk+0x4b/0x720
[  544.984544][T15801]  io_submit_sqes.cold+0x1b9/0x3f2
[  544.989704][T15801]  ? find_held_lock+0x2d/0x110
[  544.994497][T15801]  ? io_apoll_task_func+0x270/0x270
[  544.999736][T15801]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  545.005558][T15801]  __do_sys_io_uring_enter+0x119b/0x21d0
[  545.011204][T15801]  ? io_submit_sqes+0x98b0/0x98b0
[  545.016218][T15801]  ? find_held_lock+0x2d/0x110
[  545.020976][T15801]  ? __context_tracking_exit+0xb8/0xe0
[  545.026430][T15801]  ? lock_downgrade+0x6e0/0x6e0
[  545.031377][T15801]  ? lock_downgrade+0x6e0/0x6e0
[  545.036241][T15801]  ? syscall_enter_from_user_mode+0x21/0x70
[  545.042127][T15801]  do_syscall_64+0x35/0xb0
[  545.046534][T15801]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  545.052414][T15801] RIP: 0033:0x7fb48a0890e9
[  545.056814][T15801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  545.076404][T15801] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  545.084801][T15801] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  545.093001][T15801] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  545.100977][T15801] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  545.108991][T15801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  545.116969][T15801] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  545.124946][T15801]  </TASK>
01:36:56 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf0ffff, 0x0, 0x0, 0x200000000000000)

01:36:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x3ffffffe}}, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000000)=0x3, 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000000)=0x1, 0x4)

01:36:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000000)=0x1, 0x4)

01:36:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x3}, 0x0, 0x0)

01:36:56 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x15}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:56 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 27)

[  545.405836][T15828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  545.454944][T15831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  545.479561][T15828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  545.574555][T15832] FAULT_INJECTION: forcing a failure.
[  545.574555][T15832] name failslab, interval 1, probability 0, space 0, times 0
[  545.644613][T15832] CPU: 1 PID: 15832 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  545.655163][T15832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  545.665211][T15832] Call Trace:
[  545.668482][T15832]  <TASK>
[  545.671400][T15832]  dump_stack_lvl+0xcd/0x134
[  545.676005][T15832]  should_fail.cold+0x5/0xa
[  545.680506][T15832]  should_failslab+0x5/0x10
[  545.685001][T15832]  kmem_cache_alloc_bulk+0x4b/0x720
[  545.690207][T15832]  io_submit_sqes.cold+0x1b9/0x3f2
[  545.695361][T15832]  ? find_held_lock+0x2d/0x110
[  545.700141][T15832]  ? io_apoll_task_func+0x270/0x270
[  545.705340][T15832]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  545.711138][T15832]  __do_sys_io_uring_enter+0x119b/0x21d0
[  545.716775][T15832]  ? io_submit_sqes+0x98b0/0x98b0
[  545.721790][T15832]  ? find_held_lock+0x2d/0x110
[  545.726552][T15832]  ? __context_tracking_exit+0xb8/0xe0
[  545.732013][T15832]  ? lock_downgrade+0x6e0/0x6e0
[  545.741473][T15832]  ? lock_downgrade+0x6e0/0x6e0
[  545.746331][T15832]  ? syscall_enter_from_user_mode+0x21/0x70
[  545.752230][T15832]  do_syscall_64+0x35/0xb0
[  545.756674][T15832]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  545.762568][T15832] RIP: 0033:0x7fb48a0890e9
[  545.766975][T15832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  545.786575][T15832] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  545.794982][T15832] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  545.802970][T15832] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  545.810937][T15832] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  545.818910][T15832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  545.826889][T15832] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  545.834877][T15832]  </TASK>
01:36:56 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1000000, 0x0, 0x0, 0x200000000000000)

01:36:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000000)=0x1, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000000)=0x1, 0x4) (async)

01:36:56 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x16}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  545.926439][T15838] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:56 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)="3eaf7ca76dc90b250ce505bbbef187348d9d51fc556e3c546a36c7b6064067463f0a310d6f08e8cdd6f5c3254a32da9328fa289c7456c9211e82d34647ecac4145f06c9ff03d80fc7b788d65c0e6811f29d666af5e2583489f58b568905a7ba8dd87419182b6c73e294e3c018c75d6b3ca971f4e729054a4df6d37692a4465360f3f12b16e4534eb5791de4008c45891d570fb2c30a13b8ac991141bd170c52b292bf9ca0d90575dad6c89c4bd3a661b2812aea378de64295c37ad2a9c403f9618ce645fb98371bd198b2f084370ef98be1d2386d454dbc6255f5e24a76b28b351fe6246b6b2337b58b7004e3fb6ed7863f76eaf4c6eed68a64821507e2e9e00dfc2670b999e733b3293c6ac5f165673377ada08964a83d8c3665f0e16a48e9ba314b0104b98ee8b63a02fccf610cdfe7e7172af2b0788f72cc1294e147753b5893dea2c836e78a83c717ad2dbdaf45ac42f626a9899ce3b2fa984134e408bb546c4cc4620951e2365039ae8b8a079332a3625a6f0b447919ffa58fb87ce8b8752d5640c8195ad72e5e786dc56265ea0eb3307fc7879aece787587839b0061e75b31193a939d763da1d285bd8012bdb312d18adff9dd4de38dcbceeda022de042cbf289099776ee7b4eea1a52024570cef30975a76ece0f613a7779693ae0a031b635b35b892dd132e990da5eae710a05dde24405dbeeb4b6436dffdc290f51a1e805b34d5bee66dad856091077af784145afa44d9813c6efe62f546755ea98a1342e8fb797ec7b4e849a38a44c57fc6ea04bbf400a04dac20dc664f6267192b9c9dfad84afc54b1993a2a1b316e4527d115e25c4e6cc86359e1b1d8745ae4320941d7cf33a3bfda2135644205d674185297c022b55dea89592dbaa0281fe7b83e5c4394aed9811d87631fa22d6262b3817a71d8624bb6cbf4b92ecec80267a49157d2f83af8752a4606db486a1d1f8abec1e0776017e51595563a1517fbba9b3b54630c95c01c7632cacc5b6276d6a89c4c0e9a20ee1c4d54ec58cbea855a674b02e205a0aad83888f1e77f5aec3fe07416908bd7f41ca7a543b4de16b0133acc56a931d0b51b98b7edfb9d3828ac1e2ccd24d4123ae742a55ab0fcd247110f5279bab4c84a3e55f92d6b39b765f667a736c9bd4f5544ed14476e4bf66c79d1c44d4b72a6331ca563202ba5064fdf7d220b4c47463765fbf9ba8aa949cf6f25ea38207bfbc2a8fbf6208d11eecace1bade3496d1ab77c834180437ae79371182d03a80cbaa3e84d2a88f9b0b1f61d652ab00b6e9c37d0addfb0b134198117ebf16ca6f447daf3f23d6f8b0aa8bc5c2cd3f3c26b910834a5d3cb192a88f5d2664f8a08000d7e3a4b182f3ef3b6912ee5d161fa53c0dd52bc708ac55329edfe287e01588f2fce600135dbc9aef24925459b53fe5a7f4e7951ae1075837fbcd49a118d5124294d31bd792a0034f1d364260c5635a20f1d99a96386da9bbf162dd8de555dbd4b81219c314600d0212a530140ead431a0a84152fd71c4ffe7c16812cb036c814f2d68738622ed5932070dd6b0e98da930917f80db421eed35fb6afefd7e3f22052da512815a4c922341538380e47df9fd3830a65eec6703709755e15e96dec3ebe16c64cce50b8740675a5c1ce8f7a8ad0750082990d85c17ca21b9032589556bf1e96ae70acce2a35fa9e900d3c9f5600f3d4dd4ef47ff658cef656daac3f50f51e355da380e1e00fc0e24fe10adbd5ef7079479d2d067129d4a6c4114f5a82d42fbda1f902cf3b58ca080a3efdabbdae69a55ba64a991b15aedb79d6d4b3953f579c0578a58dfa09f47925cf205b13b0f62c713b440182fab6f9f7a6f63cb632c93cb7430e13c1195bfc925ecf07eab68cf76898912eb557b919f0322ef74dc79e1c943e4f01eeb27a2dd295c8f44756cd40db63a0103094642d92d591a5d5f4c2a376ed7df5716e21a96cb2152525ced6f4b6c31571fd93550a6fc3a9945433c8e2ad4c9261e6866fffd1827542e1830ce80ac3a3002f4b9381eaa685b9ddbc9adb3295536deabf74744c54f6cd08dd0ece32572b316b212849321214fc5b7090b346e620136ca33a89c49b718ddad8bd425d61db2f5b272143b27a61c68604744311c7283825e2f03751d4d8392e0fdefda8bd0c54674cd7792ec4ae32195ced9d7c4466e524e0e87c1aa5fd9dd42879a4d8c70b5e1d57205961d64f2122f755b7bf752a7f7aa5e91400074c324a8b6e804553a830b2a10be3dcb7e7c204c0c6a0552523805347bc12cf2017d6fc356ca90dab86770dabfc1b46b7a80b992a7294e37b76ef2d76d6d4e3063fc2a7bf8f68ebd49729f6e43baf8ec29df9ed37e8aa0926c0278492d369190d06c3aee848e8b9b98c80de0d179cb0085a9a35c80a454a2999363090190e90738118c2e5b4a89f648426cda15f645c3047172fd33e26e3e7204d757059505789f1a4dfde8b06921d56671cd1f150632277a03bf19f0a00ae1a4f25c0ccf31241f4eca6fb04f6dc2f5ce9b4c7fe9069ba7a3ee83c968d7e457b368a51eb67866b6404431d31caec60c46d3df3d73f56c6e55e82e26dc74859a8fb5dee39703a7ca2151093709d44ec8bab994f5cbd255f61df066a3900794822d3997cb90622da5395706e7622469fce4e96022325f9a3d3bd0643c17211b3398081021511da6702bbcc8f46f3d0278d09e9d460de7bd942e60560ec36abe9f8584342d0de0e4dca78b06a3f4132aa55858f4dbcc39b4804549b3cf4ed2708cb7b33582afa22890c91f0f308e5a8fa39c9da94bdbbd43229671d85992b860d6a0584ef4acc1671556ce606c7f4fa09591de0ca8ab924011e45e898c12843347f4ced8cd1c2d2e865693338e9a9cdb3ae498ac952b7a997fbc2a931d6479c3f8d37a9294c4af56077731be70ad8d49976e657a2ab1d899b67bf84d3c088a10c742110787d9bdac844c0374034bb291378f4128f21fbfaac43281984d692647d24a18e9986be920d888feee567e1cd859c8a2070f5d7dac10c7cf25e0be266bd84e32f7e7e4ddbf741b7d57fe8aa392d0146e7a15b86e8199825b312370668faa6f7afd2e860d5c80b8d7163e1219a442aab094f36bd85f61fcf49870a8476662aa8cd3b608be3b31ef089f7d60288ad8fc9272f6371a1ca9495bc7397fc512fd95740a169a0b213f4c1169cee75001d2760e9c09ec99ea47b32a4cea0d11bca20edb0b43393c63ac4bd2e31818ad1dfb55d4a051991db2d72ab214d8e33c366f9dee9a3c7e33b2ab0beb85dda65bc20565ad9088da87b3c87a7564a1deebff4e6ec56a102f2977b40379e0fda62960763810301c8e0ce427880b1c65a45594362aec4df82443def88ea232e8bb2b1b166d9798d39f0690c3c60cc7562e62748bc26dc0bd88c334ed55f8a3418e8532b2ac2e706bdc504c155d4aa334730f3e2186f25212195f39a2ea8c923bf8be2e49640470c801dc047a701f7ba746a79bd17b427b2555987e98b803dbfa9512434a4c0aaf0615a3fc76025345b79f7b5b23e00cb3c414dd8b486512503676813ee29c33ba17fe579f509fa31f2d39a5ef8757aa3ca9ead17592d3bacd41fe37b614fa02b6d77cedbca8f5fea232ea883ad5af8a574ff3c1ad7cf63ae3a23272e0d30c473a75fac255481ce44418960632625eb3a23d4a429d0996dae1e3f07f80912c7b6d16a26f3a5b138d06f282d971544511dd4d49bc933bbbbc9ab6027f9079cfd6827972bec39b2321c097617e24ef90002b5c82f50e08f4857c74e477fae2f03c9871952179b0e5a235abcc9f4d74c3b3b54a2888d59818d14deee70547cd62afe571d1c3236c2483d9fb613f9079614d9cdbb121b48d785e76f9c31f0163748251d8a301a94568dde39a2101eb927d44f193e4d51717f35a52d05a314c70925b226c3296770da39736c09d062cad5d996241255bd85827b6e13246dde79a37eb9da781493272866b2b7688649a61a0ceb8bf96b81eabb1957c035a7560376722818e6a106af7d7bd73626845707647175ed4801b01a25986b32c6897d9a870fbbd8fd635895134e2c5eff5ac228e6c37bea753061b852ef6a51ea0a0d5c728e662776afc94bdedcf947df338ef2e67691201ac2569cf87a8ff66f32484899c208906e436be887d59275b5fe4c568a75b4cc79b0dd67d29c5a0dbd52c168684f4d044560db05da43536f1447c3b71bab0a709b5b0bcb10e576b95277d55fd10f9213be242e47b9940b5a45b37aac3d13540da9cd7effe3d0b1f722053b397c0edafcee430ea7461978ec5df9852d262e46d3ccb6c39629935d22e7ecc4f90b1ce62631d2ad54977a25d28dae1af63dcb311f340ffe2eb766265c089cbaee66c50d5ce63922e21fff74c1b7eb69841441be6956bf558d00928f4eae4a6280ca9022f5d2c206ba14579b3ecd1581f3053aca4a7614cc75d0c0223c326acc01c91230e3a940faf1184d0298fa6da7685517f36563818788bf7d071c6efd30cfc75a1df0cc3016d86b4cbc1956d2586e33d3f5ed349824055635e3c18dae075f2e41572ef36d569e90a2fb823b547805b9762411900e9486b193feb3971d5f50b483c2919c7784cdfd3ceefcd134b6ce5fe3c56a431f04ad90115b4991c551a9b0069a7d5fc1687d4a073b7eb116dc8764b7638d857b9c90246af8676ca2666b48148553fffefd85ee57331346d0f45b1dd4ea91385d2b74da7ee9b2047dc4523e62e8bb4f4e9454ac85afd86c2745e2b2a5ee3b9a37aaa227b51c7a74cca272a9c6687192ce303fb6740e891f0105485a60b4454b80478935727acfac9b9f2561cf15426f094be4ec83778ac27c10d61eb49e2a5f2b3bb60a700d383040712dda7d30da166a31050496b33da0c5f495313d4765f28c4a3c70c67f72a2c47cef7deface3408d3d37437294e32c4fc6fe129a2bcc5f5525b97e0af4e59c38b0ea942f9d9ac1695a7363aadbcde7160035c755b3dd53e3148d388d235e2f198d5090687423bdaef79c7322871147ee2bec1f64c3042e3d293b19a414f8c1827f34d6a1bba8fe607166e377da0caf20698216529510af0bba0e7b5500858b2c30d55abff8a8c556a4d518e5d92f758f19f16582608288be4e78256e8cc1dda750c1e19da2cc7ea8def0cb90a17a73f9f9d890f09a2538665459d313a6e675d40a00653086f617f8e4df035b44f87db791ccf092ee49426d27f34b12ef80278d6a77ab2c017453821d4ba58f31c523a9d4956f98e687996be7319783d551781346cf3564231a27f9366e941c054c9824c7821a483a12f80d030df765bed75de8519000538dd51d4a464e068093ef53439116029784f12c58f209f06ac74acb27d5d79fd546700d7acb7fd9f4967a308787c1249645a8bbd1a44dd266f404bf5f3d4a2d7693c67184cbc9de0526404d498838ab0ac35bb792e7330ad23b6119fe711e15d8e4319833c9b74b6a51d1ca41fa80b9101a4bc7ca0434e6742f7ae4d728d9f80fffc043f13b888f60dd3de8aa3ec579551b28481b49036bb3f80e1cea6541fd16449a2435ec32a10636fdc76a3f17e54fd1bf53436dcf5ded1d59663219c02fd95e2d97e6b1d478faeb5ba77d601d1d8957abbc0e2434f0c209a691d61c8e5bc81a8955c99bada5a61cf4527d5ba12ff9a97eaa6f826bd10eeba1e8275a29413f8aa92c33f1ff817ef081436ece7044ae8ddd00490050be13c8d43fc4617b8333619b5b5d5e0690a3a87800cfcd1704d73b390c57b74c464977394ead66f5b0d1799635f91", 0x1000}, {&(0x7f00000000c0)="74a1054864d5fd", 0x7}, {&(0x7f0000000100)="31ba73e39c4d2fab2890e242c68489594b502065aedd6a022872a343863c9b64824acc0f2346eb880fb57929af92", 0x2e}], 0x3)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8200010008a53e1277aa8c26dd17073918e9dd27fc73512f2da51d63c52572778044df1870b7fcc8e5137b38ddcde89efac22f627fc9fe92349f0b6e2071e87d310f853c2b35afdb374f60a643ef55b4be9469c5209570095d9d1f88659bd14d28"], 0x0)

01:36:56 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x4}, 0x0, 0x0)

01:36:57 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1000000, 0x0, 0x0, 0x200000000000000)

01:36:57 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 28)

01:36:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)="3eaf7ca76dc90b250ce505bbbef187348d9d51fc556e3c546a36c7b6064067463f0a310d6f08e8cdd6f5c3254a32da9328fa289c7456c9211e82d34647ecac4145f06c9ff03d80fc7b788d65c0e6811f29d666af5e2583489f58b568905a7ba8dd87419182b6c73e294e3c018c75d6b3ca971f4e729054a4df6d37692a4465360f3f12b16e4534eb5791de4008c45891d570fb2c30a13b8ac991141bd170c52b292bf9ca0d90575dad6c89c4bd3a661b2812aea378de64295c37ad2a9c403f9618ce645fb98371bd198b2f084370ef98be1d2386d454dbc6255f5e24a76b28b351fe6246b6b2337b58b7004e3fb6ed7863f76eaf4c6eed68a64821507e2e9e00dfc2670b999e733b3293c6ac5f165673377ada08964a83d8c3665f0e16a48e9ba314b0104b98ee8b63a02fccf610cdfe7e7172af2b0788f72cc1294e147753b5893dea2c836e78a83c717ad2dbdaf45ac42f626a9899ce3b2fa984134e408bb546c4cc4620951e2365039ae8b8a079332a3625a6f0b447919ffa58fb87ce8b8752d5640c8195ad72e5e786dc56265ea0eb3307fc7879aece787587839b0061e75b31193a939d763da1d285bd8012bdb312d18adff9dd4de38dcbceeda022de042cbf289099776ee7b4eea1a52024570cef30975a76ece0f613a7779693ae0a031b635b35b892dd132e990da5eae710a05dde24405dbeeb4b6436dffdc290f51a1e805b34d5bee66dad856091077af784145afa44d9813c6efe62f546755ea98a1342e8fb797ec7b4e849a38a44c57fc6ea04bbf400a04dac20dc664f6267192b9c9dfad84afc54b1993a2a1b316e4527d115e25c4e6cc86359e1b1d8745ae4320941d7cf33a3bfda2135644205d674185297c022b55dea89592dbaa0281fe7b83e5c4394aed9811d87631fa22d6262b3817a71d8624bb6cbf4b92ecec80267a49157d2f83af8752a4606db486a1d1f8abec1e0776017e51595563a1517fbba9b3b54630c95c01c7632cacc5b6276d6a89c4c0e9a20ee1c4d54ec58cbea855a674b02e205a0aad83888f1e77f5aec3fe07416908bd7f41ca7a543b4de16b0133acc56a931d0b51b98b7edfb9d3828ac1e2ccd24d4123ae742a55ab0fcd247110f5279bab4c84a3e55f92d6b39b765f667a736c9bd4f5544ed14476e4bf66c79d1c44d4b72a6331ca563202ba5064fdf7d220b4c47463765fbf9ba8aa949cf6f25ea38207bfbc2a8fbf6208d11eecace1bade3496d1ab77c834180437ae79371182d03a80cbaa3e84d2a88f9b0b1f61d652ab00b6e9c37d0addfb0b134198117ebf16ca6f447daf3f23d6f8b0aa8bc5c2cd3f3c26b910834a5d3cb192a88f5d2664f8a08000d7e3a4b182f3ef3b6912ee5d161fa53c0dd52bc708ac55329edfe287e01588f2fce600135dbc9aef24925459b53fe5a7f4e7951ae1075837fbcd49a118d5124294d31bd792a0034f1d364260c5635a20f1d99a96386da9bbf162dd8de555dbd4b81219c314600d0212a530140ead431a0a84152fd71c4ffe7c16812cb036c814f2d68738622ed5932070dd6b0e98da930917f80db421eed35fb6afefd7e3f22052da512815a4c922341538380e47df9fd3830a65eec6703709755e15e96dec3ebe16c64cce50b8740675a5c1ce8f7a8ad0750082990d85c17ca21b9032589556bf1e96ae70acce2a35fa9e900d3c9f5600f3d4dd4ef47ff658cef656daac3f50f51e355da380e1e00fc0e24fe10adbd5ef7079479d2d067129d4a6c4114f5a82d42fbda1f902cf3b58ca080a3efdabbdae69a55ba64a991b15aedb79d6d4b3953f579c0578a58dfa09f47925cf205b13b0f62c713b440182fab6f9f7a6f63cb632c93cb7430e13c1195bfc925ecf07eab68cf76898912eb557b919f0322ef74dc79e1c943e4f01eeb27a2dd295c8f44756cd40db63a0103094642d92d591a5d5f4c2a376ed7df5716e21a96cb2152525ced6f4b6c31571fd93550a6fc3a9945433c8e2ad4c9261e6866fffd1827542e1830ce80ac3a3002f4b9381eaa685b9ddbc9adb3295536deabf74744c54f6cd08dd0ece32572b316b212849321214fc5b7090b346e620136ca33a89c49b718ddad8bd425d61db2f5b272143b27a61c68604744311c7283825e2f03751d4d8392e0fdefda8bd0c54674cd7792ec4ae32195ced9d7c4466e524e0e87c1aa5fd9dd42879a4d8c70b5e1d57205961d64f2122f755b7bf752a7f7aa5e91400074c324a8b6e804553a830b2a10be3dcb7e7c204c0c6a0552523805347bc12cf2017d6fc356ca90dab86770dabfc1b46b7a80b992a7294e37b76ef2d76d6d4e3063fc2a7bf8f68ebd49729f6e43baf8ec29df9ed37e8aa0926c0278492d369190d06c3aee848e8b9b98c80de0d179cb0085a9a35c80a454a2999363090190e90738118c2e5b4a89f648426cda15f645c3047172fd33e26e3e7204d757059505789f1a4dfde8b06921d56671cd1f150632277a03bf19f0a00ae1a4f25c0ccf31241f4eca6fb04f6dc2f5ce9b4c7fe9069ba7a3ee83c968d7e457b368a51eb67866b6404431d31caec60c46d3df3d73f56c6e55e82e26dc74859a8fb5dee39703a7ca2151093709d44ec8bab994f5cbd255f61df066a3900794822d3997cb90622da5395706e7622469fce4e96022325f9a3d3bd0643c17211b3398081021511da6702bbcc8f46f3d0278d09e9d460de7bd942e60560ec36abe9f8584342d0de0e4dca78b06a3f4132aa55858f4dbcc39b4804549b3cf4ed2708cb7b33582afa22890c91f0f308e5a8fa39c9da94bdbbd43229671d85992b860d6a0584ef4acc1671556ce606c7f4fa09591de0ca8ab924011e45e898c12843347f4ced8cd1c2d2e865693338e9a9cdb3ae498ac952b7a997fbc2a931d6479c3f8d37a9294c4af56077731be70ad8d49976e657a2ab1d899b67bf84d3c088a10c742110787d9bdac844c0374034bb291378f4128f21fbfaac43281984d692647d24a18e9986be920d888feee567e1cd859c8a2070f5d7dac10c7cf25e0be266bd84e32f7e7e4ddbf741b7d57fe8aa392d0146e7a15b86e8199825b312370668faa6f7afd2e860d5c80b8d7163e1219a442aab094f36bd85f61fcf49870a8476662aa8cd3b608be3b31ef089f7d60288ad8fc9272f6371a1ca9495bc7397fc512fd95740a169a0b213f4c1169cee75001d2760e9c09ec99ea47b32a4cea0d11bca20edb0b43393c63ac4bd2e31818ad1dfb55d4a051991db2d72ab214d8e33c366f9dee9a3c7e33b2ab0beb85dda65bc20565ad9088da87b3c87a7564a1deebff4e6ec56a102f2977b40379e0fda62960763810301c8e0ce427880b1c65a45594362aec4df82443def88ea232e8bb2b1b166d9798d39f0690c3c60cc7562e62748bc26dc0bd88c334ed55f8a3418e8532b2ac2e706bdc504c155d4aa334730f3e2186f25212195f39a2ea8c923bf8be2e49640470c801dc047a701f7ba746a79bd17b427b2555987e98b803dbfa9512434a4c0aaf0615a3fc76025345b79f7b5b23e00cb3c414dd8b486512503676813ee29c33ba17fe579f509fa31f2d39a5ef8757aa3ca9ead17592d3bacd41fe37b614fa02b6d77cedbca8f5fea232ea883ad5af8a574ff3c1ad7cf63ae3a23272e0d30c473a75fac255481ce44418960632625eb3a23d4a429d0996dae1e3f07f80912c7b6d16a26f3a5b138d06f282d971544511dd4d49bc933bbbbc9ab6027f9079cfd6827972bec39b2321c097617e24ef90002b5c82f50e08f4857c74e477fae2f03c9871952179b0e5a235abcc9f4d74c3b3b54a2888d59818d14deee70547cd62afe571d1c3236c2483d9fb613f9079614d9cdbb121b48d785e76f9c31f0163748251d8a301a94568dde39a2101eb927d44f193e4d51717f35a52d05a314c70925b226c3296770da39736c09d062cad5d996241255bd85827b6e13246dde79a37eb9da781493272866b2b7688649a61a0ceb8bf96b81eabb1957c035a7560376722818e6a106af7d7bd73626845707647175ed4801b01a25986b32c6897d9a870fbbd8fd635895134e2c5eff5ac228e6c37bea753061b852ef6a51ea0a0d5c728e662776afc94bdedcf947df338ef2e67691201ac2569cf87a8ff66f32484899c208906e436be887d59275b5fe4c568a75b4cc79b0dd67d29c5a0dbd52c168684f4d044560db05da43536f1447c3b71bab0a709b5b0bcb10e576b95277d55fd10f9213be242e47b9940b5a45b37aac3d13540da9cd7effe3d0b1f722053b397c0edafcee430ea7461978ec5df9852d262e46d3ccb6c39629935d22e7ecc4f90b1ce62631d2ad54977a25d28dae1af63dcb311f340ffe2eb766265c089cbaee66c50d5ce63922e21fff74c1b7eb69841441be6956bf558d00928f4eae4a6280ca9022f5d2c206ba14579b3ecd1581f3053aca4a7614cc75d0c0223c326acc01c91230e3a940faf1184d0298fa6da7685517f36563818788bf7d071c6efd30cfc75a1df0cc3016d86b4cbc1956d2586e33d3f5ed349824055635e3c18dae075f2e41572ef36d569e90a2fb823b547805b9762411900e9486b193feb3971d5f50b483c2919c7784cdfd3ceefcd134b6ce5fe3c56a431f04ad90115b4991c551a9b0069a7d5fc1687d4a073b7eb116dc8764b7638d857b9c90246af8676ca2666b48148553fffefd85ee57331346d0f45b1dd4ea91385d2b74da7ee9b2047dc4523e62e8bb4f4e9454ac85afd86c2745e2b2a5ee3b9a37aaa227b51c7a74cca272a9c6687192ce303fb6740e891f0105485a60b4454b80478935727acfac9b9f2561cf15426f094be4ec83778ac27c10d61eb49e2a5f2b3bb60a700d383040712dda7d30da166a31050496b33da0c5f495313d4765f28c4a3c70c67f72a2c47cef7deface3408d3d37437294e32c4fc6fe129a2bcc5f5525b97e0af4e59c38b0ea942f9d9ac1695a7363aadbcde7160035c755b3dd53e3148d388d235e2f198d5090687423bdaef79c7322871147ee2bec1f64c3042e3d293b19a414f8c1827f34d6a1bba8fe607166e377da0caf20698216529510af0bba0e7b5500858b2c30d55abff8a8c556a4d518e5d92f758f19f16582608288be4e78256e8cc1dda750c1e19da2cc7ea8def0cb90a17a73f9f9d890f09a2538665459d313a6e675d40a00653086f617f8e4df035b44f87db791ccf092ee49426d27f34b12ef80278d6a77ab2c017453821d4ba58f31c523a9d4956f98e687996be7319783d551781346cf3564231a27f9366e941c054c9824c7821a483a12f80d030df765bed75de8519000538dd51d4a464e068093ef53439116029784f12c58f209f06ac74acb27d5d79fd546700d7acb7fd9f4967a308787c1249645a8bbd1a44dd266f404bf5f3d4a2d7693c67184cbc9de0526404d498838ab0ac35bb792e7330ad23b6119fe711e15d8e4319833c9b74b6a51d1ca41fa80b9101a4bc7ca0434e6742f7ae4d728d9f80fffc043f13b888f60dd3de8aa3ec579551b28481b49036bb3f80e1cea6541fd16449a2435ec32a10636fdc76a3f17e54fd1bf53436dcf5ded1d59663219c02fd95e2d97e6b1d478faeb5ba77d601d1d8957abbc0e2434f0c209a691d61c8e5bc81a8955c99bada5a61cf4527d5ba12ff9a97eaa6f826bd10eeba1e8275a29413f8aa92c33f1ff817ef081436ece7044ae8ddd00490050be13c8d43fc4617b8333619b5b5d5e0690a3a87800cfcd1704d73b390c57b74c464977394ead66f5b0d1799635f91", 0x1000}, {&(0x7f00000000c0)="74a1054864d5fd", 0x7}, {&(0x7f0000000100)="31ba73e39c4d2fab2890e242c68489594b502065aedd6a022872a343863c9b64824acc0f2346eb880fb57929af92", 0x2e}], 0x3) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8200010008a53e1277aa8c26dd17073918e9dd27fc73512f2da51d63c52572778044df1870b7fcc8e5137b38ddcde89efac22f627fc9fe92349f0b6e2071e87d310f853c2b35afdb374f60a643ef55b4be9469c5209570095d9d1f88659bd14d28"], 0x0)

[  546.166802][T15845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  546.198408][T15847] FAULT_INJECTION: forcing a failure.
[  546.198408][T15847] name failslab, interval 1, probability 0, space 0, times 0
[  546.220621][T15845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  546.250845][T15847] CPU: 0 PID: 15847 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  546.261404][T15847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  546.271505][T15847] Call Trace:
[  546.274797][T15847]  <TASK>
[  546.277743][T15847]  dump_stack_lvl+0xcd/0x134
[  546.282359][T15847]  should_fail.cold+0x5/0xa
[  546.286900][T15847]  should_failslab+0x5/0x10
[  546.291446][T15847]  kmem_cache_alloc_bulk+0x4b/0x720
[  546.296688][T15847]  io_submit_sqes.cold+0x1b9/0x3f2
[  546.301847][T15847]  ? find_held_lock+0x2d/0x110
[  546.306636][T15847]  ? io_apoll_task_func+0x270/0x270
[  546.311873][T15847]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  546.317695][T15847]  __do_sys_io_uring_enter+0x119b/0x21d0
[  546.323361][T15847]  ? io_submit_sqes+0x98b0/0x98b0
[  546.328407][T15847]  ? find_held_lock+0x2d/0x110
[  546.333192][T15847]  ? __context_tracking_exit+0xb8/0xe0
[  546.338668][T15847]  ? lock_downgrade+0x6e0/0x6e0
[  546.343631][T15847]  ? lock_downgrade+0x6e0/0x6e0
[  546.348526][T15847]  ? syscall_enter_from_user_mode+0x21/0x70
[  546.354460][T15847]  do_syscall_64+0x35/0xb0
[  546.358907][T15847]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  546.364827][T15847] RIP: 0033:0x7fb48a0890e9
[  546.369273][T15847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  546.388904][T15847] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  546.397424][T15847] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  546.405406][T15847] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  546.413383][T15847] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
01:36:57 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x17}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)="3eaf7ca76dc90b250ce505bbbef187348d9d51fc556e3c546a36c7b6064067463f0a310d6f08e8cdd6f5c3254a32da9328fa289c7456c9211e82d34647ecac4145f06c9ff03d80fc7b788d65c0e6811f29d666af5e2583489f58b568905a7ba8dd87419182b6c73e294e3c018c75d6b3ca971f4e729054a4df6d37692a4465360f3f12b16e4534eb5791de4008c45891d570fb2c30a13b8ac991141bd170c52b292bf9ca0d90575dad6c89c4bd3a661b2812aea378de64295c37ad2a9c403f9618ce645fb98371bd198b2f084370ef98be1d2386d454dbc6255f5e24a76b28b351fe6246b6b2337b58b7004e3fb6ed7863f76eaf4c6eed68a64821507e2e9e00dfc2670b999e733b3293c6ac5f165673377ada08964a83d8c3665f0e16a48e9ba314b0104b98ee8b63a02fccf610cdfe7e7172af2b0788f72cc1294e147753b5893dea2c836e78a83c717ad2dbdaf45ac42f626a9899ce3b2fa984134e408bb546c4cc4620951e2365039ae8b8a079332a3625a6f0b447919ffa58fb87ce8b8752d5640c8195ad72e5e786dc56265ea0eb3307fc7879aece787587839b0061e75b31193a939d763da1d285bd8012bdb312d18adff9dd4de38dcbceeda022de042cbf289099776ee7b4eea1a52024570cef30975a76ece0f613a7779693ae0a031b635b35b892dd132e990da5eae710a05dde24405dbeeb4b6436dffdc290f51a1e805b34d5bee66dad856091077af784145afa44d9813c6efe62f546755ea98a1342e8fb797ec7b4e849a38a44c57fc6ea04bbf400a04dac20dc664f6267192b9c9dfad84afc54b1993a2a1b316e4527d115e25c4e6cc86359e1b1d8745ae4320941d7cf33a3bfda2135644205d674185297c022b55dea89592dbaa0281fe7b83e5c4394aed9811d87631fa22d6262b3817a71d8624bb6cbf4b92ecec80267a49157d2f83af8752a4606db486a1d1f8abec1e0776017e51595563a1517fbba9b3b54630c95c01c7632cacc5b6276d6a89c4c0e9a20ee1c4d54ec58cbea855a674b02e205a0aad83888f1e77f5aec3fe07416908bd7f41ca7a543b4de16b0133acc56a931d0b51b98b7edfb9d3828ac1e2ccd24d4123ae742a55ab0fcd247110f5279bab4c84a3e55f92d6b39b765f667a736c9bd4f5544ed14476e4bf66c79d1c44d4b72a6331ca563202ba5064fdf7d220b4c47463765fbf9ba8aa949cf6f25ea38207bfbc2a8fbf6208d11eecace1bade3496d1ab77c834180437ae79371182d03a80cbaa3e84d2a88f9b0b1f61d652ab00b6e9c37d0addfb0b134198117ebf16ca6f447daf3f23d6f8b0aa8bc5c2cd3f3c26b910834a5d3cb192a88f5d2664f8a08000d7e3a4b182f3ef3b6912ee5d161fa53c0dd52bc708ac55329edfe287e01588f2fce600135dbc9aef24925459b53fe5a7f4e7951ae1075837fbcd49a118d5124294d31bd792a0034f1d364260c5635a20f1d99a96386da9bbf162dd8de555dbd4b81219c314600d0212a530140ead431a0a84152fd71c4ffe7c16812cb036c814f2d68738622ed5932070dd6b0e98da930917f80db421eed35fb6afefd7e3f22052da512815a4c922341538380e47df9fd3830a65eec6703709755e15e96dec3ebe16c64cce50b8740675a5c1ce8f7a8ad0750082990d85c17ca21b9032589556bf1e96ae70acce2a35fa9e900d3c9f5600f3d4dd4ef47ff658cef656daac3f50f51e355da380e1e00fc0e24fe10adbd5ef7079479d2d067129d4a6c4114f5a82d42fbda1f902cf3b58ca080a3efdabbdae69a55ba64a991b15aedb79d6d4b3953f579c0578a58dfa09f47925cf205b13b0f62c713b440182fab6f9f7a6f63cb632c93cb7430e13c1195bfc925ecf07eab68cf76898912eb557b919f0322ef74dc79e1c943e4f01eeb27a2dd295c8f44756cd40db63a0103094642d92d591a5d5f4c2a376ed7df5716e21a96cb2152525ced6f4b6c31571fd93550a6fc3a9945433c8e2ad4c9261e6866fffd1827542e1830ce80ac3a3002f4b9381eaa685b9ddbc9adb3295536deabf74744c54f6cd08dd0ece32572b316b212849321214fc5b7090b346e620136ca33a89c49b718ddad8bd425d61db2f5b272143b27a61c68604744311c7283825e2f03751d4d8392e0fdefda8bd0c54674cd7792ec4ae32195ced9d7c4466e524e0e87c1aa5fd9dd42879a4d8c70b5e1d57205961d64f2122f755b7bf752a7f7aa5e91400074c324a8b6e804553a830b2a10be3dcb7e7c204c0c6a0552523805347bc12cf2017d6fc356ca90dab86770dabfc1b46b7a80b992a7294e37b76ef2d76d6d4e3063fc2a7bf8f68ebd49729f6e43baf8ec29df9ed37e8aa0926c0278492d369190d06c3aee848e8b9b98c80de0d179cb0085a9a35c80a454a2999363090190e90738118c2e5b4a89f648426cda15f645c3047172fd33e26e3e7204d757059505789f1a4dfde8b06921d56671cd1f150632277a03bf19f0a00ae1a4f25c0ccf31241f4eca6fb04f6dc2f5ce9b4c7fe9069ba7a3ee83c968d7e457b368a51eb67866b6404431d31caec60c46d3df3d73f56c6e55e82e26dc74859a8fb5dee39703a7ca2151093709d44ec8bab994f5cbd255f61df066a3900794822d3997cb90622da5395706e7622469fce4e96022325f9a3d3bd0643c17211b3398081021511da6702bbcc8f46f3d0278d09e9d460de7bd942e60560ec36abe9f8584342d0de0e4dca78b06a3f4132aa55858f4dbcc39b4804549b3cf4ed2708cb7b33582afa22890c91f0f308e5a8fa39c9da94bdbbd43229671d85992b860d6a0584ef4acc1671556ce606c7f4fa09591de0ca8ab924011e45e898c12843347f4ced8cd1c2d2e865693338e9a9cdb3ae498ac952b7a997fbc2a931d6479c3f8d37a9294c4af56077731be70ad8d49976e657a2ab1d899b67bf84d3c088a10c742110787d9bdac844c0374034bb291378f4128f21fbfaac43281984d692647d24a18e9986be920d888feee567e1cd859c8a2070f5d7dac10c7cf25e0be266bd84e32f7e7e4ddbf741b7d57fe8aa392d0146e7a15b86e8199825b312370668faa6f7afd2e860d5c80b8d7163e1219a442aab094f36bd85f61fcf49870a8476662aa8cd3b608be3b31ef089f7d60288ad8fc9272f6371a1ca9495bc7397fc512fd95740a169a0b213f4c1169cee75001d2760e9c09ec99ea47b32a4cea0d11bca20edb0b43393c63ac4bd2e31818ad1dfb55d4a051991db2d72ab214d8e33c366f9dee9a3c7e33b2ab0beb85dda65bc20565ad9088da87b3c87a7564a1deebff4e6ec56a102f2977b40379e0fda62960763810301c8e0ce427880b1c65a45594362aec4df82443def88ea232e8bb2b1b166d9798d39f0690c3c60cc7562e62748bc26dc0bd88c334ed55f8a3418e8532b2ac2e706bdc504c155d4aa334730f3e2186f25212195f39a2ea8c923bf8be2e49640470c801dc047a701f7ba746a79bd17b427b2555987e98b803dbfa9512434a4c0aaf0615a3fc76025345b79f7b5b23e00cb3c414dd8b486512503676813ee29c33ba17fe579f509fa31f2d39a5ef8757aa3ca9ead17592d3bacd41fe37b614fa02b6d77cedbca8f5fea232ea883ad5af8a574ff3c1ad7cf63ae3a23272e0d30c473a75fac255481ce44418960632625eb3a23d4a429d0996dae1e3f07f80912c7b6d16a26f3a5b138d06f282d971544511dd4d49bc933bbbbc9ab6027f9079cfd6827972bec39b2321c097617e24ef90002b5c82f50e08f4857c74e477fae2f03c9871952179b0e5a235abcc9f4d74c3b3b54a2888d59818d14deee70547cd62afe571d1c3236c2483d9fb613f9079614d9cdbb121b48d785e76f9c31f0163748251d8a301a94568dde39a2101eb927d44f193e4d51717f35a52d05a314c70925b226c3296770da39736c09d062cad5d996241255bd85827b6e13246dde79a37eb9da781493272866b2b7688649a61a0ceb8bf96b81eabb1957c035a7560376722818e6a106af7d7bd73626845707647175ed4801b01a25986b32c6897d9a870fbbd8fd635895134e2c5eff5ac228e6c37bea753061b852ef6a51ea0a0d5c728e662776afc94bdedcf947df338ef2e67691201ac2569cf87a8ff66f32484899c208906e436be887d59275b5fe4c568a75b4cc79b0dd67d29c5a0dbd52c168684f4d044560db05da43536f1447c3b71bab0a709b5b0bcb10e576b95277d55fd10f9213be242e47b9940b5a45b37aac3d13540da9cd7effe3d0b1f722053b397c0edafcee430ea7461978ec5df9852d262e46d3ccb6c39629935d22e7ecc4f90b1ce62631d2ad54977a25d28dae1af63dcb311f340ffe2eb766265c089cbaee66c50d5ce63922e21fff74c1b7eb69841441be6956bf558d00928f4eae4a6280ca9022f5d2c206ba14579b3ecd1581f3053aca4a7614cc75d0c0223c326acc01c91230e3a940faf1184d0298fa6da7685517f36563818788bf7d071c6efd30cfc75a1df0cc3016d86b4cbc1956d2586e33d3f5ed349824055635e3c18dae075f2e41572ef36d569e90a2fb823b547805b9762411900e9486b193feb3971d5f50b483c2919c7784cdfd3ceefcd134b6ce5fe3c56a431f04ad90115b4991c551a9b0069a7d5fc1687d4a073b7eb116dc8764b7638d857b9c90246af8676ca2666b48148553fffefd85ee57331346d0f45b1dd4ea91385d2b74da7ee9b2047dc4523e62e8bb4f4e9454ac85afd86c2745e2b2a5ee3b9a37aaa227b51c7a74cca272a9c6687192ce303fb6740e891f0105485a60b4454b80478935727acfac9b9f2561cf15426f094be4ec83778ac27c10d61eb49e2a5f2b3bb60a700d383040712dda7d30da166a31050496b33da0c5f495313d4765f28c4a3c70c67f72a2c47cef7deface3408d3d37437294e32c4fc6fe129a2bcc5f5525b97e0af4e59c38b0ea942f9d9ac1695a7363aadbcde7160035c755b3dd53e3148d388d235e2f198d5090687423bdaef79c7322871147ee2bec1f64c3042e3d293b19a414f8c1827f34d6a1bba8fe607166e377da0caf20698216529510af0bba0e7b5500858b2c30d55abff8a8c556a4d518e5d92f758f19f16582608288be4e78256e8cc1dda750c1e19da2cc7ea8def0cb90a17a73f9f9d890f09a2538665459d313a6e675d40a00653086f617f8e4df035b44f87db791ccf092ee49426d27f34b12ef80278d6a77ab2c017453821d4ba58f31c523a9d4956f98e687996be7319783d551781346cf3564231a27f9366e941c054c9824c7821a483a12f80d030df765bed75de8519000538dd51d4a464e068093ef53439116029784f12c58f209f06ac74acb27d5d79fd546700d7acb7fd9f4967a308787c1249645a8bbd1a44dd266f404bf5f3d4a2d7693c67184cbc9de0526404d498838ab0ac35bb792e7330ad23b6119fe711e15d8e4319833c9b74b6a51d1ca41fa80b9101a4bc7ca0434e6742f7ae4d728d9f80fffc043f13b888f60dd3de8aa3ec579551b28481b49036bb3f80e1cea6541fd16449a2435ec32a10636fdc76a3f17e54fd1bf53436dcf5ded1d59663219c02fd95e2d97e6b1d478faeb5ba77d601d1d8957abbc0e2434f0c209a691d61c8e5bc81a8955c99bada5a61cf4527d5ba12ff9a97eaa6f826bd10eeba1e8275a29413f8aa92c33f1ff817ef081436ece7044ae8ddd00490050be13c8d43fc4617b8333619b5b5d5e0690a3a87800cfcd1704d73b390c57b74c464977394ead66f5b0d1799635f91", 0x1000}, {&(0x7f00000000c0)="74a1054864d5fd", 0x7}, {&(0x7f0000000100)="31ba73e39c4d2fab2890e242c68489594b502065aedd6a022872a343863c9b64824acc0f2346eb880fb57929af92", 0x2e}], 0x3) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8200010008a53e1277aa8c26dd17073918e9dd27fc73512f2da51d63c52572778044df1870b7fcc8e5137b38ddcde89efac22f627fc9fe92349f0b6e2071e87d310f853c2b35afdb374f60a643ef55b4be9469c5209570095d9d1f88659bd14d28"], 0x0)

[  546.421364][T15847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  546.429340][T15847] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  546.437335][T15847]  </TASK>
[  546.484641][T15857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x5)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x4e21, @private=0xa010102}}, 0x0, 0x0, 0x0, 0x0, "6699c5612e15f1d94a5dfefd8fc8e0469c10479cb0b07429ef58a7605108b478ef28b37e1633232b64b585b960f6e062f814deaf4719348f7006d8f4e97f8b6164da3522e503d61e544ca68b24df62a1"}, 0xd8)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x5)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x4e21, @private=0xa010102}}, 0x0, 0x0, 0x0, 0x0, "6699c5612e15f1d94a5dfefd8fc8e0469c10479cb0b07429ef58a7605108b478ef28b37e1633232b64b585b960f6e062f814deaf4719348f7006d8f4e97f8b6164da3522e503d61e544ca68b24df62a1"}, 0xd8) (async)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:57 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x5) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x4e21, @private=0xa010102}}, 0x0, 0x0, 0x0, 0x0, "6699c5612e15f1d94a5dfefd8fc8e0469c10479cb0b07429ef58a7605108b478ef28b37e1633232b64b585b960f6e062f814deaf4719348f7006d8f4e97f8b6164da3522e503d61e544ca68b24df62a1"}, 0xd8) (async)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @multicast, @val={@val={0x9100, 0x0, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:36:57 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x5}, 0x0, 0x0)

01:36:57 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x18}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:57 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2000000, 0x0, 0x0, 0x200000000000000)

01:36:57 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 29)

[  546.907456][T15874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  546.942076][T15878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  546.964997][T15874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.055340][T15880] FAULT_INJECTION: forcing a failure.
[  547.055340][T15880] name failslab, interval 1, probability 0, space 0, times 0
[  547.070622][T15880] CPU: 0 PID: 15880 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  547.084897][T15880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  547.094969][T15880] Call Trace:
[  547.098249][T15880]  <TASK>
[  547.101223][T15880]  dump_stack_lvl+0xcd/0x134
[  547.106164][T15880]  should_fail.cold+0x5/0xa
[  547.110668][T15880]  should_failslab+0x5/0x10
[  547.115169][T15880]  kmem_cache_alloc_bulk+0x4b/0x720
[  547.120378][T15880]  io_submit_sqes.cold+0x1b9/0x3f2
[  547.125531][T15880]  ? find_held_lock+0x2d/0x110
[  547.130317][T15880]  ? io_apoll_task_func+0x270/0x270
[  547.135644][T15880]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  547.141651][T15880]  __do_sys_io_uring_enter+0x119b/0x21d0
[  547.147324][T15880]  ? io_submit_sqes+0x98b0/0x98b0
[  547.152416][T15880]  ? find_held_lock+0x2d/0x110
[  547.157310][T15880]  ? __context_tracking_exit+0xb8/0xe0
[  547.163232][T15880]  ? lock_downgrade+0x6e0/0x6e0
[  547.168564][T15880]  ? lock_downgrade+0x6e0/0x6e0
[  547.173457][T15880]  ? syscall_enter_from_user_mode+0x21/0x70
[  547.179385][T15880]  do_syscall_64+0x35/0xb0
[  547.183834][T15880]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  547.189755][T15880] RIP: 0033:0x7fb48a0890e9
[  547.194163][T15880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  547.213870][T15880] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  547.222306][T15880] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  547.230741][T15880] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  547.238802][T15880] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  547.246782][T15880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:36:58 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2000000, 0x0, 0x0, 0x200000000000000)

01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x3, 0x4)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040))
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000080)={<r1=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="d0eb696daa59f847"], 0x0)

[  547.254747][T15880] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  547.262811][T15880]  </TASK>
01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x3, 0x4) (async)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040)) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_extract_tcp_res$synack(&(0x7f0000000080)={<r1=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="d0eb696daa59f847"], 0x0)

01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x3, 0x4)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040))
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000080)={<r1=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="d0eb696daa59f847"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x3, 0x4) (async)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040)) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a010102ac1414aa00004e22", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYBLOB="d0eb696daa59f847"], 0x0) (async)

01:36:58 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x19}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:36:58 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x6}, 0x0, 0x0)

01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002900000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002900000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  547.552786][T15900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.646211][T15904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002900000000000690780a010102ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)

[  547.691939][T15900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:58 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000) (fail_nth: 30)

01:36:58 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x7000000, 0x0, 0x0, 0x200000000000000)

01:36:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'bridge_slave_0\x00'})
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="669d4f80e6101090900d1c36bfefb9ed75002a00000000896a96facbf297131bb5a753346744e610002d800a9955c23f0d1a48dd3497d7f036493e3a11f30f1007c7d15e9bc0f3ca0d790cab7e035ae8044d4f71dd57ebb066e386"], 0x40}}, 0x0)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x100, 0x70bd25, 0x25ffdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000000)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  548.025028][T15918] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'.
[  548.135254][T15913] FAULT_INJECTION: forcing a failure.
[  548.135254][T15913] name failslab, interval 1, probability 0, space 0, times 0
[  548.165191][T15913] CPU: 0 PID: 15913 Comm: syz-executor.5 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  548.175707][T15913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  548.185758][T15913] Call Trace:
[  548.189137][T15913]  <TASK>
[  548.192056][T15913]  dump_stack_lvl+0xcd/0x134
[  548.196640][T15913]  should_fail.cold+0x5/0xa
[  548.201134][T15913]  should_failslab+0x5/0x10
[  548.205619][T15913]  kmem_cache_alloc_bulk+0x4b/0x720
[  548.210824][T15913]  io_submit_sqes.cold+0x1b9/0x3f2
[  548.215971][T15913]  ? find_held_lock+0x2d/0x110
[  548.220738][T15913]  ? io_apoll_task_func+0x270/0x270
[  548.225946][T15913]  ? __do_sys_io_uring_enter+0x119b/0x21d0
[  548.231851][T15913]  __do_sys_io_uring_enter+0x119b/0x21d0
[  548.237509][T15913]  ? io_submit_sqes+0x98b0/0x98b0
[  548.242549][T15913]  ? find_held_lock+0x2d/0x110
[  548.247339][T15913]  ? __context_tracking_exit+0xb8/0xe0
[  548.252812][T15913]  ? lock_downgrade+0x6e0/0x6e0
[  548.257676][T15913]  ? lock_downgrade+0x6e0/0x6e0
[  548.262545][T15913]  ? syscall_enter_from_user_mode+0x21/0x70
[  548.268447][T15913]  do_syscall_64+0x35/0xb0
[  548.272879][T15913]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  548.278770][T15913] RIP: 0033:0x7fb48a0890e9
[  548.283179][T15913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  548.302788][T15913] RSP: 002b:00007fb48b23e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  548.311222][T15913] RAX: ffffffffffffffda RBX: 00007fb48a19bf60 RCX: 00007fb48a0890e9
[  548.319207][T15913] RDX: 0000000000000000 RSI: 0000000000002905 RDI: 0000000000000005
[  548.327191][T15913] RBP: 00007fb48b23e1d0 R08: 0000000000000000 R09: 0200000000000000
[  548.335183][T15913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  548.343154][T15913] R13: 00007fb48a6cfb1f R14: 00007fb48b23e300 R15: 0000000000022000
[  548.351135][T15913]  </TASK>
01:36:59 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x7000000, 0x0, 0x0, 0x200000000000000)

01:36:59 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x7}, 0x0, 0x0)

01:36:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'bridge_slave_0\x00'}) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="669d4f80e6101090900d1c36bfefb9ed75002a00000000896a96facbf297131bb5a753346744e610002d800a9955c23f0d1a48dd3497d7f036493e3a11f30f1007c7d15e9bc0f3ca0d790cab7e035ae8044d4f71dd57ebb066e386"], 0x40}}, 0x0)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x100, 0x70bd25, 0x25ffdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000000) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  548.470870][T15922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  548.534450][T15926] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'.
[  548.582990][T15922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:36:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'bridge_slave_0\x00'})
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="669d4f80e6101090900d1c36bfefb9ed75002a00000000896a96facbf297131bb5a753346744e610002d800a9955c23f0d1a48dd3497d7f036493e3a11f30f1007c7d15e9bc0f3ca0d790cab7e035ae8044d4f71dd57ebb066e386"], 0x40}}, 0x0)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x100, 0x70bd25, 0x25ffdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000000)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'bridge_slave_0\x00'}) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="669d4f80e6101090900d1c36bfefb9ed75002a00000000896a96facbf297131bb5a753346744e610002d800a9955c23f0d1a48dd3497d7f036493e3a11f30f1007c7d15e9bc0f3ca0d790cab7e035ae8044d4f71dd57ebb066e386"], 0x40}}, 0x0) (async)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r2, 0x100, 0x70bd25, 0x25ffdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000000) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)

[  548.729271][T15933] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'.
[  548.942184][ T4780] device hsr_slave_0 left promiscuous mode
[  549.023731][ T4780] device hsr_slave_1 left promiscuous mode
[  549.056238][ T4780] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  549.088894][ T4780] batman_adv: batadv0: Removing interface: batadv_slave_0
[  549.122093][ T4780] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  549.146752][ T4780] batman_adv: batadv0: Removing interface: batadv_slave_1
[  549.162554][ T4780] device bridge_slave_1 left promiscuous mode
[  549.197743][ T4780] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.247184][ T4780] device bridge_slave_0 left promiscuous mode
[  549.273820][ T4780] bridge0: port 1(bridge_slave_0) entered disabled state
[  549.295279][ T4780] device veth1_macvtap left promiscuous mode
[  549.310721][ T4780] device veth0_macvtap left promiscuous mode
[  549.317036][ T4780] device veth1_vlan left promiscuous mode
[  549.327624][ T4780] device veth0_vlan left promiscuous mode
[  549.737349][ T4780] team0 (unregistering): Port device team_slave_1 removed
[  549.755213][ T4780] team0 (unregistering): Port device team_slave_0 removed
[  549.773360][ T4780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  549.808877][ T4780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  549.943744][ T4780] bond0 (unregistering): Released all slaves
[  552.098870][   T46] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  552.107938][   T46] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  552.116743][   T46] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  552.124910][   T46] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  552.133026][   T46] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  552.141757][   T46] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  552.231536][T15940] chnl_net:caif_netlink_parms(): no params data found
[  552.277908][T15940] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.285182][T15940] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.293186][T15940] device bridge_slave_0 entered promiscuous mode
[  552.301054][T15940] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.308254][T15940] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.316507][T15940] device bridge_slave_1 entered promiscuous mode
[  552.346565][T15940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  552.357512][T15940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.389404][T15940] team0: Port device team_slave_0 added
[  552.396914][T15940] team0: Port device team_slave_1 added
[  552.414877][T15940] batman_adv: batadv0: Adding interface: batadv_slave_0
[  552.421983][T15940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.447955][T15940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  552.462029][T15940] batman_adv: batadv0: Adding interface: batadv_slave_1
[  552.469282][T15940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.495660][T15940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  552.523752][T15940] device hsr_slave_0 entered promiscuous mode
[  552.530456][T15940] device hsr_slave_1 entered promiscuous mode
[  552.537038][T15940] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  552.547996][T15940] Cannot create hsr debugfs directory
[  552.621038][T15940] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.628129][T15940] bridge0: port 2(bridge_slave_1) entered forwarding state
[  552.635524][T15940] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.642637][T15940] bridge0: port 1(bridge_slave_0) entered forwarding state
[  552.692463][T15940] 8021q: adding VLAN 0 to HW filter on device bond0
[  552.707031][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  552.717039][T10197] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.725360][T10197] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.734521][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  552.747683][T15940] 8021q: adding VLAN 0 to HW filter on device team0
[  552.759916][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  552.768274][ T3603] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.780424][ T3603] bridge0: port 1(bridge_slave_0) entered forwarding state
[  552.799498][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  552.807981][ T3603] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.815117][ T3603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  552.842404][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  552.850957][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  552.864542][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  552.872985][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  552.887087][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  552.897545][T15940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  552.916664][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  552.924557][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  552.936273][T15940] 8021q: adding VLAN 0 to HW filter on device batadv0
[  552.961278][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  552.981874][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  552.994243][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  553.002240][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  553.013654][T15940] device veth0_vlan entered promiscuous mode
[  553.024832][T15940] device veth1_vlan entered promiscuous mode
[  553.044933][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  553.053151][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  553.061798][T10197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  553.079041][T15940] device veth0_macvtap entered promiscuous mode
[  553.087963][T15940] device veth1_macvtap entered promiscuous mode
[  553.105168][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  553.115839][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.126064][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  553.136956][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.146851][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  553.157313][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.168577][T15940] batman_adv: batadv0: Interface activated: batadv_slave_0
[  553.177886][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  553.187756][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  553.197125][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  553.208513][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.218518][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  553.229986][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.239927][T15940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  553.250555][T15940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  553.261887][T15940] batman_adv: batadv0: Interface activated: batadv_slave_1
[  553.270856][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  553.350023][ T4780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.360544][ T4780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.371864][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  553.387669][ T3742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.395836][ T3742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.407189][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  553.449001][T15946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:04 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x1a}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:37:04 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:37:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x8}, 0x0, 0x0)

01:37:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbb3bbbb08004500002800000000000690780ae50002ac1414aa00004e2280936b9a2c1d6bccf679a7643a592d4080a4853c760f96241f4c5530c805b47c152ebb9b789084be2546a997d817f5a88047c1e29f41995960f47f0a3cd05a124f916d095c2a31551fc9a89b097967bdcff282773772f38207963dccb938bf1b3736cf7f69dcbcb5ef7290ff2e4a353ab4d4ba710284b6d8154cbdeaea433fca2ce32586b67745c95b8f3ffb674c36d2cad0b676bd8e438aa5cacf93dc133072000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02001a90780000"], 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)

01:37:04 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x8000000, 0x0, 0x0, 0x200000000000000)

01:37:04 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1f000000, 0x0, 0x0, 0x200000000000000)

[  553.802467][T15951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  553.812446][T15955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0) (async, rerun: 64)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbb3bbbb08004500002800000000000690780ae50002ac1414aa00004e2280936b9a2c1d6bccf679a7643a592d4080a4853c760f96241f4c5530c805b47c152ebb9b789084be2546a997d817f5a88047c1e29f41995960f47f0a3cd05a124f916d095c2a31551fc9a89b097967bdcff282773772f38207963dccb938bf1b3736cf7f69dcbcb5ef7290ff2e4a353ab4d4ba710284b6d8154cbdeaea433fca2ce32586b67745c95b8f3ffb674c36d2cad0b676bd8e438aa5cacf93dc133072000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02001a90780000"], 0x0) (rerun: 64)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)

[  553.846214][T15951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:04 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2908, 0x0, 0x0, 0x0, 0x200000000000000)

01:37:04 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbb3bbbb08004500002800000000000690780ae50002ac1414aa00004e2280936b9a2c1d6bccf679a7643a592d4080a4853c760f96241f4c5530c805b47c152ebb9b789084be2546a997d817f5a88047c1e29f41995960f47f0a3cd05a124f916d095c2a31551fc9a89b097967bdcff282773772f38207963dccb938bf1b3736cf7f69dcbcb5ef7290ff2e4a353ab4d4ba710284b6d8154cbdeaea433fca2ce32586b67745c95b8f3ffb674c36d2cad0b676bd8e438aa5cacf93dc133072000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02001a90780000"], 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbb3bbbb08004500002800000000000690780ae50002ac1414aa00004e2280936b9a2c1d6bccf679a7643a592d4080a4853c760f96241f4c5530c805b47c152ebb9b789084be2546a997d817f5a88047c1e29f41995960f47f0a3cd05a124f916d095c2a31551fc9a89b097967bdcff282773772f38207963dccb938bf1b3736cf7f69dcbcb5ef7290ff2e4a353ab4d4ba710284b6d8154cbdeaea433fca2ce32586b67745c95b8f3ffb674c36d2cad0b676bd8e438aa5cacf93dc133072000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02001a90780000"], 0x0) (async)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) (async)

01:37:05 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x1b}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:37:05 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x0, 0x0, 0x0, 0x200000000000000)

01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
getresgid(&(0x7f0000000040), &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000240))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r4])
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff, r4}, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000900)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f00000007c0)=[{&(0x7f00000000c0)=""/90, 0x5a}, {&(0x7f00000001c0)=""/86, 0x56}, {&(0x7f0000000240)=""/135, 0x87}, {&(0x7f0000000400)=""/163, 0xa3}, {&(0x7f00000004c0)=""/252, 0xfc}, {&(0x7f00000005c0)=""/252, 0xfc}, {&(0x7f0000000300)=""/52, 0x34}, {&(0x7f00000006c0)=""/159, 0x9f}, {&(0x7f0000000780)=""/10, 0xa}], 0x9, &(0x7f0000000880)=""/119, 0x77}, 0x3}], 0x1, 0x2000, &(0x7f0000000940)={0x77359400})
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  554.158938][ T3680] Bluetooth: hci1: command 0x0409 tx timeout
01:37:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x9}, 0x0, 0x0)

01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async)
getresgid(&(0x7f0000000040), &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000240))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r4]) (async)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff, r4}, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) (async)
recvmmsg(r0, &(0x7f0000000900)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f00000007c0)=[{&(0x7f00000000c0)=""/90, 0x5a}, {&(0x7f00000001c0)=""/86, 0x56}, {&(0x7f0000000240)=""/135, 0x87}, {&(0x7f0000000400)=""/163, 0xa3}, {&(0x7f00000004c0)=""/252, 0xfc}, {&(0x7f00000005c0)=""/252, 0xfc}, {&(0x7f0000000300)=""/52, 0x34}, {&(0x7f00000006c0)=""/159, 0x9f}, {&(0x7f0000000780)=""/10, 0xa}], 0x9, &(0x7f0000000880)=""/119, 0x77}, 0x3}], 0x1, 0x2000, &(0x7f0000000940)={0x77359400})
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  554.247914][T15973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.303904][T15978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.371453][T15980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 64)
listen(r0, 0x0) (async, rerun: 64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async)
getresgid(&(0x7f0000000040), &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000240))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r4]) (async)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff, r4}, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8}]}], {0x14}}, 0x90}}, 0x0) (async)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000900)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f00000007c0)=[{&(0x7f00000000c0)=""/90, 0x5a}, {&(0x7f00000001c0)=""/86, 0x56}, {&(0x7f0000000240)=""/135, 0x87}, {&(0x7f0000000400)=""/163, 0xa3}, {&(0x7f00000004c0)=""/252, 0xfc}, {&(0x7f00000005c0)=""/252, 0xfc}, {&(0x7f0000000300)=""/52, 0x34}, {&(0x7f00000006c0)=""/159, 0x9f}, {&(0x7f0000000780)=""/10, 0xa}], 0x9, &(0x7f0000000880)=""/119, 0x77}, 0x3}], 0x1, 0x2000, &(0x7f0000000940)={0x77359400}) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:37:05 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2, 0x0, 0x0, 0x200000000000000)

01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = signalfd(r0, &(0x7f0000000080)={[0x1e]}, 0x8)
sendto$inet(r1, &(0x7f00000000c0)="c0cb221570002908f2f193edd51c95468a9fa36ea0fc0ebfa8f2163678d69256f64fb35f78448dbb204b74149c948c806536bc1ad29d590d345530f8f308d1dd293b4d23e5b819a5826645c04f82115f9ed599", 0x53, 0x20000041, &(0x7f0000000140)={0x2, 0x4e23, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
connect(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, 'veth1_to_bridge\x00'}}, 0x80)
shutdown(r0, 0x0)

01:37:05 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x20000000, 0x0, 0x0, 0x200000000000000)

01:37:05 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x1c}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:37:05 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x1f000000, 0x0, 0x0, 0x200000000000000)

01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = signalfd(r0, &(0x7f0000000080)={[0x1e]}, 0x8)
sendto$inet(r1, &(0x7f00000000c0)="c0cb221570002908f2f193edd51c95468a9fa36ea0fc0ebfa8f2163678d69256f64fb35f78448dbb204b74149c948c806536bc1ad29d590d345530f8f308d1dd293b4d23e5b819a5826645c04f82115f9ed599", 0x53, 0x20000041, &(0x7f0000000140)={0x2, 0x4e23, @remote}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
connect(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, 'veth1_to_bridge\x00'}}, 0x80)
shutdown(r0, 0x0)

01:37:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0xe}, 0x0, 0x0)

[  554.754317][T15995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.824092][T16001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
r1 = signalfd(r0, &(0x7f0000000080)={[0x1e]}, 0x8)
sendto$inet(r1, &(0x7f00000000c0)="c0cb221570002908f2f193edd51c95468a9fa36ea0fc0ebfa8f2163678d69256f64fb35f78448dbb204b74149c948c806536bc1ad29d590d345530f8f308d1dd293b4d23e5b819a5826645c04f82115f9ed599", 0x53, 0x20000041, &(0x7f0000000140)={0x2, 0x4e23, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
connect(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, 'veth1_to_bridge\x00'}}, 0x80)
shutdown(r0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
signalfd(r0, &(0x7f0000000080)={[0x1e]}, 0x8) (async)
sendto$inet(r1, &(0x7f00000000c0)="c0cb221570002908f2f193edd51c95468a9fa36ea0fc0ebfa8f2163678d69256f64fb35f78448dbb204b74149c948c806536bc1ad29d590d345530f8f308d1dd293b4d23e5b819a5826645c04f82115f9ed599", 0x53, 0x20000041, &(0x7f0000000140)={0x2, 0x4e23, @remote}, 0x10) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async)
connect(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, 'veth1_to_bridge\x00'}}, 0x80) (async)
shutdown(r0, 0x0) (async)

01:37:05 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x8, 0x0, 0x0, 0x200000000000000)

[  554.953508][T16001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a0101aa00004e2200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000400)="f9136b9b6d226ac4bb58616f0b9e3126b07537b15df1bb92ec9da7e6a66cbd20faf176edbac7ecd3ad565956189fc2ae259852fe9c42ae074710e558bdb3ed596733fc7b2b5930d83627f012e0296fbf677d524ba878787578a0f4047db5a432721d4801bd4d4a70b452d6752e618c1f306e857c449584b61f4570d1bd23fbc07f1f7d8adc761e442f0e7b22f95e8b6ac224aab11b285434e993579c88b1220e3a3b3bb50e5122d337d62af5e6da344d238aa58eb9edb47b6b63bbb9de495fc0df7f11f250ccceff71f02fe73f3c60b97ccd0331ddc3165d09ae7d0b3b3ab0906e972109c173d4251ec30aa3cf67986e0cd53cc5b82ede4299bdeac154b8c4a9a5d2e83802c94a11f239c044bd35eca5d0ba690363f83438407593912f0ef26f905a4a7ebbfebc6ebd818cc9ef313d140b57a07856ad307b355770f730c2ba53eb221a8dc55466919fd8183a5495012f1556a7421118f1a9b1e9f11d5ed816868fb7197926621d3a16550e384653a021f9fe9b8e73751e0f165223bfd5988e326516132e0f357bc5226ebea3a6a87d443fe733af8c80530c2e2d187d352ac08ae61c3725f06b4000ab956c3d934304edca645df43c4c64851760c23c0fc65aad65060c5f3f26c5a8133bf3e13a3c7e743a2c3d0a2f06e5d97b8718e687cc17b37a48f018a1ddec1e50fa416ae157d0f61a0d3a90a9be8194ce11d9401ba5f9ef655b899c3dfdbc9a62e532ff5ee844440edc8f020b9f2357464869b837c506c9ce0c078ce81c12dabba6ba53e1b21f510e66f45c9d581a7dbc2bbe0713aa9b10b9ae6d91dcfeac3e578f58ef6b9d84f7d9933dd80d3c59490fd2a19f24e896fb4280f115657bddad011359fdbb90ffc7fbc668776ae1f509d8be3cb5a504739b126feb55565f48cc666fa83c5e9847b3cbb714b070bd3cc3d608c67c569402e5783c635e08bc588a331e3ff9a6a4ea27083968e09e69e1b8a19f99eaf33775770b12651b4187bd19d8eed5f09d9be68b1bea8251f5c3dde4ee840cb00435fcfe94b8b619814e4a15e8f6aa11441337dad824f90b41f612d6b1a797ca1b03660a3156c348e2cc92b96bf807c01b50f31d790bea4389f17828fd1e9e1149bda924c420cfdfcfd99e94487630a9f5987f8397d23de450fe791c8838b1f68e92438de82f6fb5d0717e3841c6cf8e6eac19a7e5f67325c0bb4045fc4251aca72f462acac1cc3fa2574e4b82cf165ed5118d67b5ab83550e9ab41d2395a4880baeff8f21464523752650b28b64872be6e2187ff2b2e7420386da7d23d667d9fe19ec32d6e645da04d74edb9cef421a1158c3183b207f7577fa650a74253c9ed1bd2b79df22b28e42bba3f80db0d8e03d93586f75a6a0d9906097d36bfcadaa892bce4ca12f1992867189ff52ad27b359827a3ce6c8674399d55a79430174e03c059e1df60f4aea7781f6bd6b1ee52a0e20f0316e8f4aff944652a9192d34168776fd5924866b29694e9a8b63f1ffd94dc732e350012affe6b5b2191c605cb8760c4cf9cc87eadfc23c1dc917caa3924e5e885d9b22c0197452054c4a1a07eb33689c7f036f92b1227d55a32a2f41af95ec74550659c4d7dfc5ae9493eb874e24dbda5c73bd386c7121746fc3dee9863a2bff0df615a2e37c8fa40cde496c9bd681f3d22d5f44c440afc5320c7bc6d2778311c5c614bf52165d205dad3d8f6703a85306982d35e5f054a8671dcd23f82ed185274047991d7037c57bb64a657de4b12e6bde61fcf638d92cfd4314380c43d0df9a03b6df894fc334600719297d475c68f2794a2770fff25f8e9882fa1b85262da6575fefe8535939975d0508d8618497fb44d4ab8b86525f2a98ef1ed2b26e011943a7d760ed4732891070a1040f4ac6c79c071aac4d31cb9b10c672a1cbade6241ec6932cd5d413cf71ae94bf95b569bab45e6ba2e6060b714451db233b2786168aedb21ba39ba653c2c9408b6d3e113876d63994b07d5af60bc4957ce6a45f712fb1a1886aeb3efda775d577187db9e83d66cb7355fac8e5d3add7da48f029d9c8a185057f81f4c2745d286d01bdaddb86925461a965a8a22dc49c6478910f09b11c82447fa571cbfdc2552ea62e60a76d866b0e43c0e950e03e764b60fd30201ec6a4ff7d135650d4aaed37252f03b5804990e3619e9fd04f4a333ad60b74a412f9bf9e6a65fcd3b4d421ccd9b0a00cc80aed32a4f751474735e6466bbaf30da2e5ad3ceb1e25ca27459aa7fe81baa3485d395ed1764785363724fb868986ad8f034ab381a8aa0e9c84a6aea669cbdd3468b00badcc927fed57d8a3df86e7d74afe5e00e838b0259e796762993980aa9cf5161c693e270944c1a28d539f22613aa1d5204963977656677c0b89329d2cf91a9164c588b555c84a0824d5a1db540bfd7f40c55b461200db980b43e46f2c485a53a883d5241ff1b60dbd5a7613b4354b6a332757fa3c8eb413c14053ed83c6ea88f465f31434a9e648905aa63b57bc1069e79ee8cdc7994cda4ccd54cf5e80638be4ae434563cc9a7c64ba36f4c9c9409ba74081fc4d0edeb237e32a110dd148deb0f212cd1aa1d7cd4f9d5ed7e15462275d6969720892adb3cbf89a25d26f9edce615181b69de5f51dd78dd1bbd5928e6892105d74e9e60b56c58ef7c00f7b7734aa5e036429196a02bd5d410223c24500464e764ef84f62f3a2776822bacf68ae55248634814bc4c1ad09b52c452745603639cc7377ae6c6b2d71967be69544d235114ffa73cc90947b87057bcf28d466739d85727035d0a9ed93f5b8fb377a06646d1cc8b63dbfed333c9fafa19fa75f6432928e6e831427afb6baf898a6fdf1bb0814e05012331f965a0c51d356873f3dfa3f1bcaa7f5d600e138f79bd8883bfe266cda0747127223df72d970006680a65a205bac0f4087e2267127b5c1da2450ce9232911aa432bc8f233c329548c5d5564decaddf706747efd054467bf716b1e53b9534608f914c829bb4398139d59f96c69f013cc96770c7b929c07ea0b4727c1d62799d29a8b77cc938ef9b756deb0a2b4ea17b26279dc75e1d92c2a56f4fbb62fac256a3c9bf41a8424105a32760378138b8eaf644a9b8a3e9b218bd2277aaa22fe6e9fe14c3b5ec7f6c1b408cecbfb229b2ce377b0b1834e8b24a398f334cb57457edc00e924c016a68e1177899ff7f66a04cb3d970db37497f03016df346a336da88bbe951a1ecde92b608f287f48f8a46c7d2ebb2c03ccbf37c6cc397b95f9b907b2a33301ea689b773cc8481a2878cd7c0d7c6a07ad2375f153aeebe08ac1f671ceb263f5351b47c6c650c99d0626b1de256c837fb676faadb249f251699988b02587601aba55c255d1a70f53eb1a53a02055c66897873ca624f74b9d3fcf358b903051ae00445cdca2914cc9240ee4064c097eb589da65d7d76749f17ebd55c2e402ffd7b357353b5488c05d6ebec159d83634351aecf3c2ec40488e1fe1f1eadf8cdc27b74898c30814f42d52f9c05e240c3a3bb75ebeae35ffaeaf013eb432cc0f4c84c1a68baf75a7fddb98badc3bad172760a6ecc39d18f7cad1033f0b2650e50e335f78c60b4633797cfba2ae536e3e96ae81dc373e7883e03d7eef356d75c5e72c84bfbe4c7d2e0612d3bcfd1611507d725d791b1217a30f19e6b3dca97ae1b03301a83d6f674af2150870aa27b348aecea4bfa6b6a5e2014beb0c27d5101ed12344d3ab6221a62896422643070e869674aa33124bd8908975218c8fc4c74392be952e88420f2e5deda2f9902a940f52b8c07ca07a7fe89e36ec4e208f4978d270e94c03b96434bcadcf489a4dc85880fdddf8bef5adbfa61317c104c953edfe5df05e85065f463ab4f80ff5bd81579857ba544f83ce503cb603799393f9af8406cf4657750413b05164ec55669546ebc2659bd3b5066aa2b30a45e04778480c41e4cbfc1ecf8efa42e48ecdba8b9a819872fa9a51de6eae249ef9114d35bb79f476789eeb46464edc601a1c18e526766b7a0fe361e57162d169183ada16fa753e8904072d89a042061050b8a7e612ee63a798986d86467e5d48751936e64862cc9c8eea0646ce6149439079a404cc4bd5ef030a722f5a21be90fc2df6ab428880dc45ab4f1321aab2eeee089c41314a3fe10b20dcf0fb0ee7af996b5eddf70488d4084267ca4885a55c9e2d45fbcdf788e6e3fab6025686264657f9c0d429733a529f4d909dbd13912e6a61251e1a5595e52c05a9feaae379832d9b85eed205999c1631f2151b1961c4e87fdf9d77650de0341e2fdd4d052e0ebaae3a69951d9f199bd7273dc6c81171cb9fb87dad7e272ed78de95e171c1923d678ad4667c238e10bbda266d39b001d5f5835596ff731533426d3ebf4f6501b144ce92832aa381105bf5908e34cfb8c4654e7f13e5b1c2a4da11f24537245461c77098df4454ddc6da4dfa100c27afff6c887747df7e3a8d3cc638a270ce03978feef69ebf8d094ae5087a0356df57a8d123e4628b5e5f9f857c2f2233a9166ca98827ef1654ce71e7a8726e210175759c11fa78cc6a8487abfe84acc9470b183743e64cdf03b5c91461b5c2bedc84c8a5f08466a9d1e6e65ea26212732341dbd2e2968b1d8ebc46e6f14d85b98867314582f94408bc5153d90b0dab35106afe478c9576fe74e59e4ee826499fad477a9077693e992fa98d89084e7e4d9dfd27695f2a57b0b6f85b3deec2f99cc14291994fa05dfbf7d8c308e8cf3a2899f7ab0f251e5dd76c678abaa2ae79b465a3c707be12f14f50fd4e4bbc5c3ab9656406c8ecd30fe803fe7276b71ad1f9656d414d603a40e8db74876bf824d4f2461741044fe42ee726d5c47be12a9d8046cfa5691e315e05773df780f35f90307d60db4672939bc673eea0126e163342a4be21e727e956c550ce5808c01cda53f598d7090a76709586237328105b7ac16d8002a28780ab0a3e03f660476767ee97dc47a800a4bceea7a6319b4fe47ccd92123265a705ab3f1b9f6e44a5f10e742471fde72352798c85fce58a55bf86059ada5dd2a74964ff8ce32549bf1d9eac0412c7169dc9f0624e59ae5692d41fa750749349bb40cfb11f19c8b5ddc9713124f42c59e82cd0a785c94bd23a3a70c044d88f9908fc84aeb56fb96da8778ecc95414ebabe4774db30eabab0bf98c8bbc0822e0250b7aaf25ae177510ca88ca39b92d4cc21d6a66476ec206192555e85041c0cc459e6d3a1fc5a2821ba907a0291f81473fb916bf1968799fd2181945fe931d629c596794d8918c8b214b34d67a70675a27ff73daba317a895f2d01901f3e4f55f804255fed013503960b2cc38c4f50fe1992640380378e8feea4ace373640bd7b8c73300b4e472badca622825d3fecbba8d861bfffd8d8716b714221fe9aa1e0fd19c2ed4110da8d41ef288dd00b31191b8e42878a54607970f71dc7b30dcc8b7ab0463d25924b850c8a54742f93c5785d0465e5e7d55f0ba035382f9a85639bf533c358d08e99246efe57f813b43200c3e8ffb099443be9193e2172c141fd1c623ecd09484ce73b2ff3dd656a8f7eb8d2cb87861eaa62f662406355df62d2c147c7fc2ae3d49f51920cc8de87caf2b31d2b7be30098704cad02454dfa6690fc296fce0bcfed4d346595c4af9c3f00ab2fcc57e7d4c0b9f7fccf6aca2c4e853d5dcb0d019202a8390cad7c25f2944f93543bf297cd4948f4163fe4313087a6e2e22e72bb7660b09ec5e7a7b3ba81187300f2839a3e9ee6999b40db4ccd3f5d5e3a3d45b7cce5596472", 0x1000, 0x4808, &(0x7f0000000000)={0x23, 0x7, 0x2, 0xff}, 0x10)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4)

01:37:05 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a0101aa00004e2200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000400)="f9136b9b6d226ac4bb58616f0b9e3126b07537b15df1bb92ec9da7e6a66cbd20faf176edbac7ecd3ad565956189fc2ae259852fe9c42ae074710e558bdb3ed596733fc7b2b5930d83627f012e0296fbf677d524ba878787578a0f4047db5a432721d4801bd4d4a70b452d6752e618c1f306e857c449584b61f4570d1bd23fbc07f1f7d8adc761e442f0e7b22f95e8b6ac224aab11b285434e993579c88b1220e3a3b3bb50e5122d337d62af5e6da344d238aa58eb9edb47b6b63bbb9de495fc0df7f11f250ccceff71f02fe73f3c60b97ccd0331ddc3165d09ae7d0b3b3ab0906e972109c173d4251ec30aa3cf67986e0cd53cc5b82ede4299bdeac154b8c4a9a5d2e83802c94a11f239c044bd35eca5d0ba690363f83438407593912f0ef26f905a4a7ebbfebc6ebd818cc9ef313d140b57a07856ad307b355770f730c2ba53eb221a8dc55466919fd8183a5495012f1556a7421118f1a9b1e9f11d5ed816868fb7197926621d3a16550e384653a021f9fe9b8e73751e0f165223bfd5988e326516132e0f357bc5226ebea3a6a87d443fe733af8c80530c2e2d187d352ac08ae61c3725f06b4000ab956c3d934304edca645df43c4c64851760c23c0fc65aad65060c5f3f26c5a8133bf3e13a3c7e743a2c3d0a2f06e5d97b8718e687cc17b37a48f018a1ddec1e50fa416ae157d0f61a0d3a90a9be8194ce11d9401ba5f9ef655b899c3dfdbc9a62e532ff5ee844440edc8f020b9f2357464869b837c506c9ce0c078ce81c12dabba6ba53e1b21f510e66f45c9d581a7dbc2bbe0713aa9b10b9ae6d91dcfeac3e578f58ef6b9d84f7d9933dd80d3c59490fd2a19f24e896fb4280f115657bddad011359fdbb90ffc7fbc668776ae1f509d8be3cb5a504739b126feb55565f48cc666fa83c5e9847b3cbb714b070bd3cc3d608c67c569402e5783c635e08bc588a331e3ff9a6a4ea27083968e09e69e1b8a19f99eaf33775770b12651b4187bd19d8eed5f09d9be68b1bea8251f5c3dde4ee840cb00435fcfe94b8b619814e4a15e8f6aa11441337dad824f90b41f612d6b1a797ca1b03660a3156c348e2cc92b96bf807c01b50f31d790bea4389f17828fd1e9e1149bda924c420cfdfcfd99e94487630a9f5987f8397d23de450fe791c8838b1f68e92438de82f6fb5d0717e3841c6cf8e6eac19a7e5f67325c0bb4045fc4251aca72f462acac1cc3fa2574e4b82cf165ed5118d67b5ab83550e9ab41d2395a4880baeff8f21464523752650b28b64872be6e2187ff2b2e7420386da7d23d667d9fe19ec32d6e645da04d74edb9cef421a1158c3183b207f7577fa650a74253c9ed1bd2b79df22b28e42bba3f80db0d8e03d93586f75a6a0d9906097d36bfcadaa892bce4ca12f1992867189ff52ad27b359827a3ce6c8674399d55a79430174e03c059e1df60f4aea7781f6bd6b1ee52a0e20f0316e8f4aff944652a9192d34168776fd5924866b29694e9a8b63f1ffd94dc732e350012affe6b5b2191c605cb8760c4cf9cc87eadfc23c1dc917caa3924e5e885d9b22c0197452054c4a1a07eb33689c7f036f92b1227d55a32a2f41af95ec74550659c4d7dfc5ae9493eb874e24dbda5c73bd386c7121746fc3dee9863a2bff0df615a2e37c8fa40cde496c9bd681f3d22d5f44c440afc5320c7bc6d2778311c5c614bf52165d205dad3d8f6703a85306982d35e5f054a8671dcd23f82ed185274047991d7037c57bb64a657de4b12e6bde61fcf638d92cfd4314380c43d0df9a03b6df894fc334600719297d475c68f2794a2770fff25f8e9882fa1b85262da6575fefe8535939975d0508d8618497fb44d4ab8b86525f2a98ef1ed2b26e011943a7d760ed4732891070a1040f4ac6c79c071aac4d31cb9b10c672a1cbade6241ec6932cd5d413cf71ae94bf95b569bab45e6ba2e6060b714451db233b2786168aedb21ba39ba653c2c9408b6d3e113876d63994b07d5af60bc4957ce6a45f712fb1a1886aeb3efda775d577187db9e83d66cb7355fac8e5d3add7da48f029d9c8a185057f81f4c2745d286d01bdaddb86925461a965a8a22dc49c6478910f09b11c82447fa571cbfdc2552ea62e60a76d866b0e43c0e950e03e764b60fd30201ec6a4ff7d135650d4aaed37252f03b5804990e3619e9fd04f4a333ad60b74a412f9bf9e6a65fcd3b4d421ccd9b0a00cc80aed32a4f751474735e6466bbaf30da2e5ad3ceb1e25ca27459aa7fe81baa3485d395ed1764785363724fb868986ad8f034ab381a8aa0e9c84a6aea669cbdd3468b00badcc927fed57d8a3df86e7d74afe5e00e838b0259e796762993980aa9cf5161c693e270944c1a28d539f22613aa1d5204963977656677c0b89329d2cf91a9164c588b555c84a0824d5a1db540bfd7f40c55b461200db980b43e46f2c485a53a883d5241ff1b60dbd5a7613b4354b6a332757fa3c8eb413c14053ed83c6ea88f465f31434a9e648905aa63b57bc1069e79ee8cdc7994cda4ccd54cf5e80638be4ae434563cc9a7c64ba36f4c9c9409ba74081fc4d0edeb237e32a110dd148deb0f212cd1aa1d7cd4f9d5ed7e15462275d6969720892adb3cbf89a25d26f9edce615181b69de5f51dd78dd1bbd5928e6892105d74e9e60b56c58ef7c00f7b7734aa5e036429196a02bd5d410223c24500464e764ef84f62f3a2776822bacf68ae55248634814bc4c1ad09b52c452745603639cc7377ae6c6b2d71967be69544d235114ffa73cc90947b87057bcf28d466739d85727035d0a9ed93f5b8fb377a06646d1cc8b63dbfed333c9fafa19fa75f6432928e6e831427afb6baf898a6fdf1bb0814e05012331f965a0c51d356873f3dfa3f1bcaa7f5d600e138f79bd8883bfe266cda0747127223df72d970006680a65a205bac0f4087e2267127b5c1da2450ce9232911aa432bc8f233c329548c5d5564decaddf706747efd054467bf716b1e53b9534608f914c829bb4398139d59f96c69f013cc96770c7b929c07ea0b4727c1d62799d29a8b77cc938ef9b756deb0a2b4ea17b26279dc75e1d92c2a56f4fbb62fac256a3c9bf41a8424105a32760378138b8eaf644a9b8a3e9b218bd2277aaa22fe6e9fe14c3b5ec7f6c1b408cecbfb229b2ce377b0b1834e8b24a398f334cb57457edc00e924c016a68e1177899ff7f66a04cb3d970db37497f03016df346a336da88bbe951a1ecde92b608f287f48f8a46c7d2ebb2c03ccbf37c6cc397b95f9b907b2a33301ea689b773cc8481a2878cd7c0d7c6a07ad2375f153aeebe08ac1f671ceb263f5351b47c6c650c99d0626b1de256c837fb676faadb249f251699988b02587601aba55c255d1a70f53eb1a53a02055c66897873ca624f74b9d3fcf358b903051ae00445cdca2914cc9240ee4064c097eb589da65d7d76749f17ebd55c2e402ffd7b357353b5488c05d6ebec159d83634351aecf3c2ec40488e1fe1f1eadf8cdc27b74898c30814f42d52f9c05e240c3a3bb75ebeae35ffaeaf013eb432cc0f4c84c1a68baf75a7fddb98badc3bad172760a6ecc39d18f7cad1033f0b2650e50e335f78c60b4633797cfba2ae536e3e96ae81dc373e7883e03d7eef356d75c5e72c84bfbe4c7d2e0612d3bcfd1611507d725d791b1217a30f19e6b3dca97ae1b03301a83d6f674af2150870aa27b348aecea4bfa6b6a5e2014beb0c27d5101ed12344d3ab6221a62896422643070e869674aa33124bd8908975218c8fc4c74392be952e88420f2e5deda2f9902a940f52b8c07ca07a7fe89e36ec4e208f4978d270e94c03b96434bcadcf489a4dc85880fdddf8bef5adbfa61317c104c953edfe5df05e85065f463ab4f80ff5bd81579857ba544f83ce503cb603799393f9af8406cf4657750413b05164ec55669546ebc2659bd3b5066aa2b30a45e04778480c41e4cbfc1ecf8efa42e48ecdba8b9a819872fa9a51de6eae249ef9114d35bb79f476789eeb46464edc601a1c18e526766b7a0fe361e57162d169183ada16fa753e8904072d89a042061050b8a7e612ee63a798986d86467e5d48751936e64862cc9c8eea0646ce6149439079a404cc4bd5ef030a722f5a21be90fc2df6ab428880dc45ab4f1321aab2eeee089c41314a3fe10b20dcf0fb0ee7af996b5eddf70488d4084267ca4885a55c9e2d45fbcdf788e6e3fab6025686264657f9c0d429733a529f4d909dbd13912e6a61251e1a5595e52c05a9feaae379832d9b85eed205999c1631f2151b1961c4e87fdf9d77650de0341e2fdd4d052e0ebaae3a69951d9f199bd7273dc6c81171cb9fb87dad7e272ed78de95e171c1923d678ad4667c238e10bbda266d39b001d5f5835596ff731533426d3ebf4f6501b144ce92832aa381105bf5908e34cfb8c4654e7f13e5b1c2a4da11f24537245461c77098df4454ddc6da4dfa100c27afff6c887747df7e3a8d3cc638a270ce03978feef69ebf8d094ae5087a0356df57a8d123e4628b5e5f9f857c2f2233a9166ca98827ef1654ce71e7a8726e210175759c11fa78cc6a8487abfe84acc9470b183743e64cdf03b5c91461b5c2bedc84c8a5f08466a9d1e6e65ea26212732341dbd2e2968b1d8ebc46e6f14d85b98867314582f94408bc5153d90b0dab35106afe478c9576fe74e59e4ee826499fad477a9077693e992fa98d89084e7e4d9dfd27695f2a57b0b6f85b3deec2f99cc14291994fa05dfbf7d8c308e8cf3a2899f7ab0f251e5dd76c678abaa2ae79b465a3c707be12f14f50fd4e4bbc5c3ab9656406c8ecd30fe803fe7276b71ad1f9656d414d603a40e8db74876bf824d4f2461741044fe42ee726d5c47be12a9d8046cfa5691e315e05773df780f35f90307d60db4672939bc673eea0126e163342a4be21e727e956c550ce5808c01cda53f598d7090a76709586237328105b7ac16d8002a28780ab0a3e03f660476767ee97dc47a800a4bceea7a6319b4fe47ccd92123265a705ab3f1b9f6e44a5f10e742471fde72352798c85fce58a55bf86059ada5dd2a74964ff8ce32549bf1d9eac0412c7169dc9f0624e59ae5692d41fa750749349bb40cfb11f19c8b5ddc9713124f42c59e82cd0a785c94bd23a3a70c044d88f9908fc84aeb56fb96da8778ecc95414ebabe4774db30eabab0bf98c8bbc0822e0250b7aaf25ae177510ca88ca39b92d4cc21d6a66476ec206192555e85041c0cc459e6d3a1fc5a2821ba907a0291f81473fb916bf1968799fd2181945fe931d629c596794d8918c8b214b34d67a70675a27ff73daba317a895f2d01901f3e4f55f804255fed013503960b2cc38c4f50fe1992640380378e8feea4ace373640bd7b8c73300b4e472badca622825d3fecbba8d861bfffd8d8716b714221fe9aa1e0fd19c2ed4110da8d41ef288dd00b31191b8e42878a54607970f71dc7b30dcc8b7ab0463d25924b850c8a54742f93c5785d0465e5e7d55f0ba035382f9a85639bf533c358d08e99246efe57f813b43200c3e8ffb099443be9193e2172c141fd1c623ecd09484ce73b2ff3dd656a8f7eb8d2cb87861eaa62f662406355df62d2c147c7fc2ae3d49f51920cc8de87caf2b31d2b7be30098704cad02454dfa6690fc296fce0bcfed4d346595c4af9c3f00ab2fcc57e7d4c0b9f7fccf6aca2c4e853d5dcb0d019202a8390cad7c25f2944f93543bf297cd4948f4163fe4313087a6e2e22e72bb7660b09ec5e7a7b3ba81187300f2839a3e9ee6999b40db4ccd3f5d5e3a3d45b7cce5596472", 0x1000, 0x4808, &(0x7f0000000000)={0x23, 0x7, 0x2, 0xff}, 0x10)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a0101aa00004e2200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000400)="f9136b9b6d226ac4bb58616f0b9e3126b07537b15df1bb92ec9da7e6a66cbd20faf176edbac7ecd3ad565956189fc2ae259852fe9c42ae074710e558bdb3ed596733fc7b2b5930d83627f012e0296fbf677d524ba878787578a0f4047db5a432721d4801bd4d4a70b452d6752e618c1f306e857c449584b61f4570d1bd23fbc07f1f7d8adc761e442f0e7b22f95e8b6ac224aab11b285434e993579c88b1220e3a3b3bb50e5122d337d62af5e6da344d238aa58eb9edb47b6b63bbb9de495fc0df7f11f250ccceff71f02fe73f3c60b97ccd0331ddc3165d09ae7d0b3b3ab0906e972109c173d4251ec30aa3cf67986e0cd53cc5b82ede4299bdeac154b8c4a9a5d2e83802c94a11f239c044bd35eca5d0ba690363f83438407593912f0ef26f905a4a7ebbfebc6ebd818cc9ef313d140b57a07856ad307b355770f730c2ba53eb221a8dc55466919fd8183a5495012f1556a7421118f1a9b1e9f11d5ed816868fb7197926621d3a16550e384653a021f9fe9b8e73751e0f165223bfd5988e326516132e0f357bc5226ebea3a6a87d443fe733af8c80530c2e2d187d352ac08ae61c3725f06b4000ab956c3d934304edca645df43c4c64851760c23c0fc65aad65060c5f3f26c5a8133bf3e13a3c7e743a2c3d0a2f06e5d97b8718e687cc17b37a48f018a1ddec1e50fa416ae157d0f61a0d3a90a9be8194ce11d9401ba5f9ef655b899c3dfdbc9a62e532ff5ee844440edc8f020b9f2357464869b837c506c9ce0c078ce81c12dabba6ba53e1b21f510e66f45c9d581a7dbc2bbe0713aa9b10b9ae6d91dcfeac3e578f58ef6b9d84f7d9933dd80d3c59490fd2a19f24e896fb4280f115657bddad011359fdbb90ffc7fbc668776ae1f509d8be3cb5a504739b126feb55565f48cc666fa83c5e9847b3cbb714b070bd3cc3d608c67c569402e5783c635e08bc588a331e3ff9a6a4ea27083968e09e69e1b8a19f99eaf33775770b12651b4187bd19d8eed5f09d9be68b1bea8251f5c3dde4ee840cb00435fcfe94b8b619814e4a15e8f6aa11441337dad824f90b41f612d6b1a797ca1b03660a3156c348e2cc92b96bf807c01b50f31d790bea4389f17828fd1e9e1149bda924c420cfdfcfd99e94487630a9f5987f8397d23de450fe791c8838b1f68e92438de82f6fb5d0717e3841c6cf8e6eac19a7e5f67325c0bb4045fc4251aca72f462acac1cc3fa2574e4b82cf165ed5118d67b5ab83550e9ab41d2395a4880baeff8f21464523752650b28b64872be6e2187ff2b2e7420386da7d23d667d9fe19ec32d6e645da04d74edb9cef421a1158c3183b207f7577fa650a74253c9ed1bd2b79df22b28e42bba3f80db0d8e03d93586f75a6a0d9906097d36bfcadaa892bce4ca12f1992867189ff52ad27b359827a3ce6c8674399d55a79430174e03c059e1df60f4aea7781f6bd6b1ee52a0e20f0316e8f4aff944652a9192d34168776fd5924866b29694e9a8b63f1ffd94dc732e350012affe6b5b2191c605cb8760c4cf9cc87eadfc23c1dc917caa3924e5e885d9b22c0197452054c4a1a07eb33689c7f036f92b1227d55a32a2f41af95ec74550659c4d7dfc5ae9493eb874e24dbda5c73bd386c7121746fc3dee9863a2bff0df615a2e37c8fa40cde496c9bd681f3d22d5f44c440afc5320c7bc6d2778311c5c614bf52165d205dad3d8f6703a85306982d35e5f054a8671dcd23f82ed185274047991d7037c57bb64a657de4b12e6bde61fcf638d92cfd4314380c43d0df9a03b6df894fc334600719297d475c68f2794a2770fff25f8e9882fa1b85262da6575fefe8535939975d0508d8618497fb44d4ab8b86525f2a98ef1ed2b26e011943a7d760ed4732891070a1040f4ac6c79c071aac4d31cb9b10c672a1cbade6241ec6932cd5d413cf71ae94bf95b569bab45e6ba2e6060b714451db233b2786168aedb21ba39ba653c2c9408b6d3e113876d63994b07d5af60bc4957ce6a45f712fb1a1886aeb3efda775d577187db9e83d66cb7355fac8e5d3add7da48f029d9c8a185057f81f4c2745d286d01bdaddb86925461a965a8a22dc49c6478910f09b11c82447fa571cbfdc2552ea62e60a76d866b0e43c0e950e03e764b60fd30201ec6a4ff7d135650d4aaed37252f03b5804990e3619e9fd04f4a333ad60b74a412f9bf9e6a65fcd3b4d421ccd9b0a00cc80aed32a4f751474735e6466bbaf30da2e5ad3ceb1e25ca27459aa7fe81baa3485d395ed1764785363724fb868986ad8f034ab381a8aa0e9c84a6aea669cbdd3468b00badcc927fed57d8a3df86e7d74afe5e00e838b0259e796762993980aa9cf5161c693e270944c1a28d539f22613aa1d5204963977656677c0b89329d2cf91a9164c588b555c84a0824d5a1db540bfd7f40c55b461200db980b43e46f2c485a53a883d5241ff1b60dbd5a7613b4354b6a332757fa3c8eb413c14053ed83c6ea88f465f31434a9e648905aa63b57bc1069e79ee8cdc7994cda4ccd54cf5e80638be4ae434563cc9a7c64ba36f4c9c9409ba74081fc4d0edeb237e32a110dd148deb0f212cd1aa1d7cd4f9d5ed7e15462275d6969720892adb3cbf89a25d26f9edce615181b69de5f51dd78dd1bbd5928e6892105d74e9e60b56c58ef7c00f7b7734aa5e036429196a02bd5d410223c24500464e764ef84f62f3a2776822bacf68ae55248634814bc4c1ad09b52c452745603639cc7377ae6c6b2d71967be69544d235114ffa73cc90947b87057bcf28d466739d85727035d0a9ed93f5b8fb377a06646d1cc8b63dbfed333c9fafa19fa75f6432928e6e831427afb6baf898a6fdf1bb0814e05012331f965a0c51d356873f3dfa3f1bcaa7f5d600e138f79bd8883bfe266cda0747127223df72d970006680a65a205bac0f4087e2267127b5c1da2450ce9232911aa432bc8f233c329548c5d5564decaddf706747efd054467bf716b1e53b9534608f914c829bb4398139d59f96c69f013cc96770c7b929c07ea0b4727c1d62799d29a8b77cc938ef9b756deb0a2b4ea17b26279dc75e1d92c2a56f4fbb62fac256a3c9bf41a8424105a32760378138b8eaf644a9b8a3e9b218bd2277aaa22fe6e9fe14c3b5ec7f6c1b408cecbfb229b2ce377b0b1834e8b24a398f334cb57457edc00e924c016a68e1177899ff7f66a04cb3d970db37497f03016df346a336da88bbe951a1ecde92b608f287f48f8a46c7d2ebb2c03ccbf37c6cc397b95f9b907b2a33301ea689b773cc8481a2878cd7c0d7c6a07ad2375f153aeebe08ac1f671ceb263f5351b47c6c650c99d0626b1de256c837fb676faadb249f251699988b02587601aba55c255d1a70f53eb1a53a02055c66897873ca624f74b9d3fcf358b903051ae00445cdca2914cc9240ee4064c097eb589da65d7d76749f17ebd55c2e402ffd7b357353b5488c05d6ebec159d83634351aecf3c2ec40488e1fe1f1eadf8cdc27b74898c30814f42d52f9c05e240c3a3bb75ebeae35ffaeaf013eb432cc0f4c84c1a68baf75a7fddb98badc3bad172760a6ecc39d18f7cad1033f0b2650e50e335f78c60b4633797cfba2ae536e3e96ae81dc373e7883e03d7eef356d75c5e72c84bfbe4c7d2e0612d3bcfd1611507d725d791b1217a30f19e6b3dca97ae1b03301a83d6f674af2150870aa27b348aecea4bfa6b6a5e2014beb0c27d5101ed12344d3ab6221a62896422643070e869674aa33124bd8908975218c8fc4c74392be952e88420f2e5deda2f9902a940f52b8c07ca07a7fe89e36ec4e208f4978d270e94c03b96434bcadcf489a4dc85880fdddf8bef5adbfa61317c104c953edfe5df05e85065f463ab4f80ff5bd81579857ba544f83ce503cb603799393f9af8406cf4657750413b05164ec55669546ebc2659bd3b5066aa2b30a45e04778480c41e4cbfc1ecf8efa42e48ecdba8b9a819872fa9a51de6eae249ef9114d35bb79f476789eeb46464edc601a1c18e526766b7a0fe361e57162d169183ada16fa753e8904072d89a042061050b8a7e612ee63a798986d86467e5d48751936e64862cc9c8eea0646ce6149439079a404cc4bd5ef030a722f5a21be90fc2df6ab428880dc45ab4f1321aab2eeee089c41314a3fe10b20dcf0fb0ee7af996b5eddf70488d4084267ca4885a55c9e2d45fbcdf788e6e3fab6025686264657f9c0d429733a529f4d909dbd13912e6a61251e1a5595e52c05a9feaae379832d9b85eed205999c1631f2151b1961c4e87fdf9d77650de0341e2fdd4d052e0ebaae3a69951d9f199bd7273dc6c81171cb9fb87dad7e272ed78de95e171c1923d678ad4667c238e10bbda266d39b001d5f5835596ff731533426d3ebf4f6501b144ce92832aa381105bf5908e34cfb8c4654e7f13e5b1c2a4da11f24537245461c77098df4454ddc6da4dfa100c27afff6c887747df7e3a8d3cc638a270ce03978feef69ebf8d094ae5087a0356df57a8d123e4628b5e5f9f857c2f2233a9166ca98827ef1654ce71e7a8726e210175759c11fa78cc6a8487abfe84acc9470b183743e64cdf03b5c91461b5c2bedc84c8a5f08466a9d1e6e65ea26212732341dbd2e2968b1d8ebc46e6f14d85b98867314582f94408bc5153d90b0dab35106afe478c9576fe74e59e4ee826499fad477a9077693e992fa98d89084e7e4d9dfd27695f2a57b0b6f85b3deec2f99cc14291994fa05dfbf7d8c308e8cf3a2899f7ab0f251e5dd76c678abaa2ae79b465a3c707be12f14f50fd4e4bbc5c3ab9656406c8ecd30fe803fe7276b71ad1f9656d414d603a40e8db74876bf824d4f2461741044fe42ee726d5c47be12a9d8046cfa5691e315e05773df780f35f90307d60db4672939bc673eea0126e163342a4be21e727e956c550ce5808c01cda53f598d7090a76709586237328105b7ac16d8002a28780ab0a3e03f660476767ee97dc47a800a4bceea7a6319b4fe47ccd92123265a705ab3f1b9f6e44a5f10e742471fde72352798c85fce58a55bf86059ada5dd2a74964ff8ce32549bf1d9eac0412c7169dc9f0624e59ae5692d41fa750749349bb40cfb11f19c8b5ddc9713124f42c59e82cd0a785c94bd23a3a70c044d88f9908fc84aeb56fb96da8778ecc95414ebabe4774db30eabab0bf98c8bbc0822e0250b7aaf25ae177510ca88ca39b92d4cc21d6a66476ec206192555e85041c0cc459e6d3a1fc5a2821ba907a0291f81473fb916bf1968799fd2181945fe931d629c596794d8918c8b214b34d67a70675a27ff73daba317a895f2d01901f3e4f55f804255fed013503960b2cc38c4f50fe1992640380378e8feea4ace373640bd7b8c73300b4e472badca622825d3fecbba8d861bfffd8d8716b714221fe9aa1e0fd19c2ed4110da8d41ef288dd00b31191b8e42878a54607970f71dc7b30dcc8b7ab0463d25924b850c8a54742f93c5785d0465e5e7d55f0ba035382f9a85639bf533c358d08e99246efe57f813b43200c3e8ffb099443be9193e2172c141fd1c623ecd09484ce73b2ff3dd656a8f7eb8d2cb87861eaa62f662406355df62d2c147c7fc2ae3d49f51920cc8de87caf2b31d2b7be30098704cad02454dfa6690fc296fce0bcfed4d346595c4af9c3f00ab2fcc57e7d4c0b9f7fccf6aca2c4e853d5dcb0d019202a8390cad7c25f2944f93543bf297cd4948f4163fe4313087a6e2e22e72bb7660b09ec5e7a7b3ba81187300f2839a3e9ee6999b40db4ccd3f5d5e3a3d45b7cce5596472", 0x1000, 0x4808, &(0x7f0000000000)={0x23, 0x7, 0x2, 0xff}, 0x10) (async)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async)

01:37:06 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x1d}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:37:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async, rerun: 32)
listen(r0, 0x0) (async, rerun: 32)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002800000000000690780a0101aa00004e2200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) (async)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000400)="f9136b9b6d226ac4bb58616f0b9e3126b07537b15df1bb92ec9da7e6a66cbd20faf176edbac7ecd3ad565956189fc2ae259852fe9c42ae074710e558bdb3ed596733fc7b2b5930d83627f012e0296fbf677d524ba878787578a0f4047db5a432721d4801bd4d4a70b452d6752e618c1f306e857c449584b61f4570d1bd23fbc07f1f7d8adc761e442f0e7b22f95e8b6ac224aab11b285434e993579c88b1220e3a3b3bb50e5122d337d62af5e6da344d238aa58eb9edb47b6b63bbb9de495fc0df7f11f250ccceff71f02fe73f3c60b97ccd0331ddc3165d09ae7d0b3b3ab0906e972109c173d4251ec30aa3cf67986e0cd53cc5b82ede4299bdeac154b8c4a9a5d2e83802c94a11f239c044bd35eca5d0ba690363f83438407593912f0ef26f905a4a7ebbfebc6ebd818cc9ef313d140b57a07856ad307b355770f730c2ba53eb221a8dc55466919fd8183a5495012f1556a7421118f1a9b1e9f11d5ed816868fb7197926621d3a16550e384653a021f9fe9b8e73751e0f165223bfd5988e326516132e0f357bc5226ebea3a6a87d443fe733af8c80530c2e2d187d352ac08ae61c3725f06b4000ab956c3d934304edca645df43c4c64851760c23c0fc65aad65060c5f3f26c5a8133bf3e13a3c7e743a2c3d0a2f06e5d97b8718e687cc17b37a48f018a1ddec1e50fa416ae157d0f61a0d3a90a9be8194ce11d9401ba5f9ef655b899c3dfdbc9a62e532ff5ee844440edc8f020b9f2357464869b837c506c9ce0c078ce81c12dabba6ba53e1b21f510e66f45c9d581a7dbc2bbe0713aa9b10b9ae6d91dcfeac3e578f58ef6b9d84f7d9933dd80d3c59490fd2a19f24e896fb4280f115657bddad011359fdbb90ffc7fbc668776ae1f509d8be3cb5a504739b126feb55565f48cc666fa83c5e9847b3cbb714b070bd3cc3d608c67c569402e5783c635e08bc588a331e3ff9a6a4ea27083968e09e69e1b8a19f99eaf33775770b12651b4187bd19d8eed5f09d9be68b1bea8251f5c3dde4ee840cb00435fcfe94b8b619814e4a15e8f6aa11441337dad824f90b41f612d6b1a797ca1b03660a3156c348e2cc92b96bf807c01b50f31d790bea4389f17828fd1e9e1149bda924c420cfdfcfd99e94487630a9f5987f8397d23de450fe791c8838b1f68e92438de82f6fb5d0717e3841c6cf8e6eac19a7e5f67325c0bb4045fc4251aca72f462acac1cc3fa2574e4b82cf165ed5118d67b5ab83550e9ab41d2395a4880baeff8f21464523752650b28b64872be6e2187ff2b2e7420386da7d23d667d9fe19ec32d6e645da04d74edb9cef421a1158c3183b207f7577fa650a74253c9ed1bd2b79df22b28e42bba3f80db0d8e03d93586f75a6a0d9906097d36bfcadaa892bce4ca12f1992867189ff52ad27b359827a3ce6c8674399d55a79430174e03c059e1df60f4aea7781f6bd6b1ee52a0e20f0316e8f4aff944652a9192d34168776fd5924866b29694e9a8b63f1ffd94dc732e350012affe6b5b2191c605cb8760c4cf9cc87eadfc23c1dc917caa3924e5e885d9b22c0197452054c4a1a07eb33689c7f036f92b1227d55a32a2f41af95ec74550659c4d7dfc5ae9493eb874e24dbda5c73bd386c7121746fc3dee9863a2bff0df615a2e37c8fa40cde496c9bd681f3d22d5f44c440afc5320c7bc6d2778311c5c614bf52165d205dad3d8f6703a85306982d35e5f054a8671dcd23f82ed185274047991d7037c57bb64a657de4b12e6bde61fcf638d92cfd4314380c43d0df9a03b6df894fc334600719297d475c68f2794a2770fff25f8e9882fa1b85262da6575fefe8535939975d0508d8618497fb44d4ab8b86525f2a98ef1ed2b26e011943a7d760ed4732891070a1040f4ac6c79c071aac4d31cb9b10c672a1cbade6241ec6932cd5d413cf71ae94bf95b569bab45e6ba2e6060b714451db233b2786168aedb21ba39ba653c2c9408b6d3e113876d63994b07d5af60bc4957ce6a45f712fb1a1886aeb3efda775d577187db9e83d66cb7355fac8e5d3add7da48f029d9c8a185057f81f4c2745d286d01bdaddb86925461a965a8a22dc49c6478910f09b11c82447fa571cbfdc2552ea62e60a76d866b0e43c0e950e03e764b60fd30201ec6a4ff7d135650d4aaed37252f03b5804990e3619e9fd04f4a333ad60b74a412f9bf9e6a65fcd3b4d421ccd9b0a00cc80aed32a4f751474735e6466bbaf30da2e5ad3ceb1e25ca27459aa7fe81baa3485d395ed1764785363724fb868986ad8f034ab381a8aa0e9c84a6aea669cbdd3468b00badcc927fed57d8a3df86e7d74afe5e00e838b0259e796762993980aa9cf5161c693e270944c1a28d539f22613aa1d5204963977656677c0b89329d2cf91a9164c588b555c84a0824d5a1db540bfd7f40c55b461200db980b43e46f2c485a53a883d5241ff1b60dbd5a7613b4354b6a332757fa3c8eb413c14053ed83c6ea88f465f31434a9e648905aa63b57bc1069e79ee8cdc7994cda4ccd54cf5e80638be4ae434563cc9a7c64ba36f4c9c9409ba74081fc4d0edeb237e32a110dd148deb0f212cd1aa1d7cd4f9d5ed7e15462275d6969720892adb3cbf89a25d26f9edce615181b69de5f51dd78dd1bbd5928e6892105d74e9e60b56c58ef7c00f7b7734aa5e036429196a02bd5d410223c24500464e764ef84f62f3a2776822bacf68ae55248634814bc4c1ad09b52c452745603639cc7377ae6c6b2d71967be69544d235114ffa73cc90947b87057bcf28d466739d85727035d0a9ed93f5b8fb377a06646d1cc8b63dbfed333c9fafa19fa75f6432928e6e831427afb6baf898a6fdf1bb0814e05012331f965a0c51d356873f3dfa3f1bcaa7f5d600e138f79bd8883bfe266cda0747127223df72d970006680a65a205bac0f4087e2267127b5c1da2450ce9232911aa432bc8f233c329548c5d5564decaddf706747efd054467bf716b1e53b9534608f914c829bb4398139d59f96c69f013cc96770c7b929c07ea0b4727c1d62799d29a8b77cc938ef9b756deb0a2b4ea17b26279dc75e1d92c2a56f4fbb62fac256a3c9bf41a8424105a32760378138b8eaf644a9b8a3e9b218bd2277aaa22fe6e9fe14c3b5ec7f6c1b408cecbfb229b2ce377b0b1834e8b24a398f334cb57457edc00e924c016a68e1177899ff7f66a04cb3d970db37497f03016df346a336da88bbe951a1ecde92b608f287f48f8a46c7d2ebb2c03ccbf37c6cc397b95f9b907b2a33301ea689b773cc8481a2878cd7c0d7c6a07ad2375f153aeebe08ac1f671ceb263f5351b47c6c650c99d0626b1de256c837fb676faadb249f251699988b02587601aba55c255d1a70f53eb1a53a02055c66897873ca624f74b9d3fcf358b903051ae00445cdca2914cc9240ee4064c097eb589da65d7d76749f17ebd55c2e402ffd7b357353b5488c05d6ebec159d83634351aecf3c2ec40488e1fe1f1eadf8cdc27b74898c30814f42d52f9c05e240c3a3bb75ebeae35ffaeaf013eb432cc0f4c84c1a68baf75a7fddb98badc3bad172760a6ecc39d18f7cad1033f0b2650e50e335f78c60b4633797cfba2ae536e3e96ae81dc373e7883e03d7eef356d75c5e72c84bfbe4c7d2e0612d3bcfd1611507d725d791b1217a30f19e6b3dca97ae1b03301a83d6f674af2150870aa27b348aecea4bfa6b6a5e2014beb0c27d5101ed12344d3ab6221a62896422643070e869674aa33124bd8908975218c8fc4c74392be952e88420f2e5deda2f9902a940f52b8c07ca07a7fe89e36ec4e208f4978d270e94c03b96434bcadcf489a4dc85880fdddf8bef5adbfa61317c104c953edfe5df05e85065f463ab4f80ff5bd81579857ba544f83ce503cb603799393f9af8406cf4657750413b05164ec55669546ebc2659bd3b5066aa2b30a45e04778480c41e4cbfc1ecf8efa42e48ecdba8b9a819872fa9a51de6eae249ef9114d35bb79f476789eeb46464edc601a1c18e526766b7a0fe361e57162d169183ada16fa753e8904072d89a042061050b8a7e612ee63a798986d86467e5d48751936e64862cc9c8eea0646ce6149439079a404cc4bd5ef030a722f5a21be90fc2df6ab428880dc45ab4f1321aab2eeee089c41314a3fe10b20dcf0fb0ee7af996b5eddf70488d4084267ca4885a55c9e2d45fbcdf788e6e3fab6025686264657f9c0d429733a529f4d909dbd13912e6a61251e1a5595e52c05a9feaae379832d9b85eed205999c1631f2151b1961c4e87fdf9d77650de0341e2fdd4d052e0ebaae3a69951d9f199bd7273dc6c81171cb9fb87dad7e272ed78de95e171c1923d678ad4667c238e10bbda266d39b001d5f5835596ff731533426d3ebf4f6501b144ce92832aa381105bf5908e34cfb8c4654e7f13e5b1c2a4da11f24537245461c77098df4454ddc6da4dfa100c27afff6c887747df7e3a8d3cc638a270ce03978feef69ebf8d094ae5087a0356df57a8d123e4628b5e5f9f857c2f2233a9166ca98827ef1654ce71e7a8726e210175759c11fa78cc6a8487abfe84acc9470b183743e64cdf03b5c91461b5c2bedc84c8a5f08466a9d1e6e65ea26212732341dbd2e2968b1d8ebc46e6f14d85b98867314582f94408bc5153d90b0dab35106afe478c9576fe74e59e4ee826499fad477a9077693e992fa98d89084e7e4d9dfd27695f2a57b0b6f85b3deec2f99cc14291994fa05dfbf7d8c308e8cf3a2899f7ab0f251e5dd76c678abaa2ae79b465a3c707be12f14f50fd4e4bbc5c3ab9656406c8ecd30fe803fe7276b71ad1f9656d414d603a40e8db74876bf824d4f2461741044fe42ee726d5c47be12a9d8046cfa5691e315e05773df780f35f90307d60db4672939bc673eea0126e163342a4be21e727e956c550ce5808c01cda53f598d7090a76709586237328105b7ac16d8002a28780ab0a3e03f660476767ee97dc47a800a4bceea7a6319b4fe47ccd92123265a705ab3f1b9f6e44a5f10e742471fde72352798c85fce58a55bf86059ada5dd2a74964ff8ce32549bf1d9eac0412c7169dc9f0624e59ae5692d41fa750749349bb40cfb11f19c8b5ddc9713124f42c59e82cd0a785c94bd23a3a70c044d88f9908fc84aeb56fb96da8778ecc95414ebabe4774db30eabab0bf98c8bbc0822e0250b7aaf25ae177510ca88ca39b92d4cc21d6a66476ec206192555e85041c0cc459e6d3a1fc5a2821ba907a0291f81473fb916bf1968799fd2181945fe931d629c596794d8918c8b214b34d67a70675a27ff73daba317a895f2d01901f3e4f55f804255fed013503960b2cc38c4f50fe1992640380378e8feea4ace373640bd7b8c73300b4e472badca622825d3fecbba8d861bfffd8d8716b714221fe9aa1e0fd19c2ed4110da8d41ef288dd00b31191b8e42878a54607970f71dc7b30dcc8b7ab0463d25924b850c8a54742f93c5785d0465e5e7d55f0ba035382f9a85639bf533c358d08e99246efe57f813b43200c3e8ffb099443be9193e2172c141fd1c623ecd09484ce73b2ff3dd656a8f7eb8d2cb87861eaa62f662406355df62d2c147c7fc2ae3d49f51920cc8de87caf2b31d2b7be30098704cad02454dfa6690fc296fce0bcfed4d346595c4af9c3f00ab2fcc57e7d4c0b9f7fccf6aca2c4e853d5dcb0d019202a8390cad7c25f2944f93543bf297cd4948f4163fe4313087a6e2e22e72bb7660b09ec5e7a7b3ba81187300f2839a3e9ee6999b40db4ccd3f5d5e3a3d45b7cce5596472", 0x1000, 0x4808, &(0x7f0000000000)={0x23, 0x7, 0x2, 0xff}, 0x10) (async)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4)

01:37:06 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3, 0x0, 0x0, 0x200000000000000)

[  555.215872][T16025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x3)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

01:37:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYBLOB], 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)
nanosleep(0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0xf}, 0x0, 0x0)

01:37:06 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180)={0x0, r1})
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xe3ffffff, 0x0, 0x0, 0x200000000000000)

01:37:06 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x1e}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

01:37:06 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0xf0, 0x0, 0x0, 0x200000000000000)

01:37:06 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0)
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x20000000, 0x0, 0x0, 0x200000000000000)

01:37:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x3) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  555.734017][T16042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.776965][T16043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:06 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100))
r2 = syz_io_uring_setup(0x56c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x6, 0x1000000000000007, &(0x7f0000000400)}, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000180)={0x0, r1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r2, 0x2905, 0x2000, 0x0, 0x0, 0x200000000000000)

01:37:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x3) (async)
listen(r0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

[  555.960355][T16051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:06 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x4e23, 0x35, @private2, 0xd2d3}}, 0x0, 0x0, 0x3c, 0x0, "c6c93c574f3a7164d888bf887c97b4705ba6d7d14289d7396b05b674f8b86f0d2f2f2c0343933adc3f46d9fdf6d8872b3bad56ad4e4ffd13f5b03aa4abd856c5184974e9a4f316d4336608ad02271b49"}, 0xd8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
listen(r1, 0xb)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x7, &(0x7f0000000180)=[{0x7, 0x6, 0x81, 0x1}, {0x100, 0x8c, 0x0, 0x2}, {0x1, 0x7c, 0x9, 0x1}, {0x7, 0x0, 0x91, 0x4}, {0x8, 0x1, 0x6, 0x2}, {0x7, 0x5, 0xff, 0x5}, {0x400, 0x8, 0x3, 0x5}]}, 0x10)
socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r2=>r0})
listen(r2, 0xd33)
syz_emit_ethernet(0x3a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaa1aaaaaaaabbbbff9400000006908300000000ac1414aa00004e220000000000000000000088da3b5f5345830f2afa92aeeaeeb287931e96e02d168ed67820cb616599e30bf0b83b009a709b4dc1e3759cc834cbe944d6ac56537fdd0ffc8d2262f3ac35033b3df8999b000000000000000000000000000000fb1b87e62eee1c57953225220bace80fa6d6945c5748c4c03cdad9fd746705539b1510b0f7cb5a260e3d33b959d5ca4bd6f1ba62d6c4300f95bb409a3625f1f6707dc14934ef65596a7a366604c18142c387be2b40bbfe2c2957f57493ae622526c2356f89c8682fd3f74d6de737e6b2b671edadf5894d9f7bb3ff2f582a29554cbde06a3b3ac28e44046ae8adabc425cfc676e242860fab060153c88af5bb792935928b0744b5cbe9ba8cad87", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6c0200009078000002040500"], 0x0)

01:37:07 executing program 4:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b={0x8, 0x2, 0x11, 0x0, 0x21}, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e)

[  556.174624][ T3742] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.204927][T16060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
01:37:07 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x4e23, 0x35, @private2, 0xd2d3}}, 0x0, 0x0, 0x3c, 0x0, "c6c93c574f3a7164d888bf887c97b4705ba6d7d14289d7396b05b674f8b86f0d2f2f2c0343933adc3f46d9fdf6d8872b3bad56ad4e4ffd13f5b03aa4abd856c5184974e9a4f316d4336608ad02271b49"}, 0xd8) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
listen(r1, 0xb)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x7, &(0x7f0000000180)=[{0x7, 0x6, 0x81, 0x1}, {0x100, 0x8c, 0x0, 0x2}, {0x1, 0x7c, 0x9, 0x1}, {0x7, 0x0, 0x91, 0x4}, {0x8, 0x1, 0x6, 0x2}, {0x7, 0x5, 0xff, 0x5}, {0x400, 0x8, 0x3, 0x5}]}, 0x10) (async)
socket$bt_bnep(0x1f, 0x3, 0x4) (async, rerun: 32)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r2=>r0}) (rerun: 32)
listen(r2, 0xd33) (async, rerun: 32)
syz_emit_ethernet(0x3a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaa1aaaaaaaabbbbff9400000006908300000000ac1414aa00004e220000000000000000000088da3b5f5345830f2afa92aeeaeeb287931e96e02d168ed67820cb616599e30bf0b83b009a709b4dc1e3759cc834cbe944d6ac56537fdd0ffc8d2262f3ac35033b3df8999b000000000000000000000000000000fb1b87e62eee1c57953225220bace80fa6d6945c5748c4c03cdad9fd746705539b1510b0f7cb5a260e3d33b959d5ca4bd6f1ba62d6c4300f95bb409a3625f1f6707dc14934ef65596a7a366604c18142c387be2b40bbfe2c2957f57493ae622526c2356f89c8682fd3f74d6de737e6b2b671edadf5894d9f7bb3ff2f582a29554cbde06a3b3ac28e44046ae8adabc425cfc676e242860fab060153c88af5bb792935928b0744b5cbe9ba8cad87", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6c0200009078000002040500"], 0x0) (rerun: 32)

[  556.239193][T10197] Bluetooth: hci1: command 0x041b tx timeout
01:37:07 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) (async)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x4e23, 0x35, @private2, 0xd2d3}}, 0x0, 0x0, 0x3c, 0x0, "c6c93c574f3a7164d888bf887c97b4705ba6d7d14289d7396b05b674f8b86f0d2f2f2c0343933adc3f46d9fdf6d8872b3bad56ad4e4ffd13f5b03aa4abd856c5184974e9a4f316d4336608ad02271b49"}, 0xd8) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
listen(r1, 0xb) (async)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x7, &(0x7f0000000180)=[{0x7, 0x6, 0x81, 0x1}, {0x100, 0x8c, 0x0, 0x2}, {0x1, 0x7c, 0x9, 0x1}, {0x7, 0x0, 0x91, 0x4}, {0x8, 0x1, 0x6, 0x2}, {0x7, 0x5, 0xff, 0x5}, {0x400, 0x8, 0x3, 0x5}]}, 0x10) (async)
socket$bt_bnep(0x1f, 0x3, 0x4) (async)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r2=>r0})
listen(r2, 0xd33) (async)
syz_emit_ethernet(0x3a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaa1aaaaaaaabbbbff9400000006908300000000ac1414aa00004e220000000000000000000088da3b5f5345830f2afa92aeeaeeb287931e96e02d168ed67820cb616599e30bf0b83b009a709b4dc1e3759cc834cbe944d6ac56537fdd0ffc8d2262f3ac35033b3df8999b000000000000000000000000000000fb1b87e62eee1c57953225220bace80fa6d6945c5748c4c03cdad9fd746705539b1510b0f7cb5a260e3d33b959d5ca4bd6f1ba62d6c4300f95bb409a3625f1f6707dc14934ef65596a7a366604c18142c387be2b40bbfe2c2957f57493ae622526c2356f89c8682fd3f74d6de737e6b2b671edadf5894d9f7bb3ff2f582a29554cbde06a3b3ac28e44046ae8adabc425cfc676e242860fab060153c88af5bb792935928b0744b5cbe9ba8cad87", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6c0200009078000002040500"], 0x0)

[  556.338207][ T3742] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.398998][   T11] ------------[ cut here ]------------
[  556.407110][   T11] refcount_t: addition on 0; use-after-free.
[  556.425365][   T11] WARNING: CPU: 0 PID: 11 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0
[  556.446598][   T11] Modules linked in:
[  556.455127][   T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  556.469665][ T3742] ------------[ cut here ]------------
[  556.477392][ T3742] refcount_t: saturated; leaking memory.
[  556.491887][ T3742] WARNING: CPU: 0 PID: 3742 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0
[  556.506825][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  556.550539][ T3742] Modules linked in:
[  556.558071][   T11] Workqueue: krdsd rds_connect_worker
[  556.609531][ T3742] CPU: 0 PID: 3742 Comm: kworker/u4:6 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  556.651158][   T11] RIP: 0010:refcount_warn_saturate+0x169/0x1e0
[  556.695454][   T11] Code: 09 31 ff 89 de e8 87 c1 81 fd 84 db 0f 85 36 ff ff ff e8 9a bd 81 fd 48 c7 c7 80 ec 26 8a c6 05 25 ed ac 09 01 e8 2f fd 30 05 <0f> 0b e9 17 ff ff ff e8 7b bd 81 fd 0f b6 1d 0a ed ac 09 31 ff 89
[  556.728254][ T3742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  556.808823][ T3742] Workqueue: netns cleanup_net
[  556.825066][ T3742] RIP: 0010:refcount_warn_saturate+0xf4/0x1e0
[  556.838839][   T11] RSP: 0018:ffffc90000107b80 EFLAGS: 00010286
[  556.849724][ T3742] Code: 1d bc ed ac 09 31 ff 89 de e8 f8 c1 81 fd 84 db 75 ab e8 0f be 81 fd 48 c7 c7 e0 eb 26 8a c6 05 9c ed ac 09 01 e8 a4 fd 30 05 <0f> 0b eb 8f e8 f3 bd 81 fd 0f b6 1d 86 ed ac 09 31 ff 89 de e8 c3
[  556.884820][   T11] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  556.908824][ T3742] RSP: 0018:ffffc900045275d8 EFLAGS: 00010286
[  556.909251][   T11] RDX: ffff888010f03b00 RSI: ffffffff81601ae8 RDI: fffff52000020f62
[  556.915103][ T3742] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  556.915145][ T3742] RDX: ffff88807cde0000 RSI: ffffffff81601ae8 RDI: fffff520008a4ead
[  556.915165][ T3742] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  556.915184][ T3742] R10: ffffffff815fc4be R11: 0000000000000000 R12: ffff88801e5e814c
[  556.915203][ T3742] R13: ffff88801e5e8000 R14: 00000000c0000000 R15: 00000000c0000000
[  556.915220][ T3742] FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[  556.915245][ T3742] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  556.915263][ T3742] CR2: 00007f734ef691b8 CR3: 000000001e3c3000 CR4: 00000000003506e0
[  556.915281][ T3742] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  556.915298][ T3742] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  556.915316][ T3742] Call Trace:
[  556.915326][ T3742]  <TASK>
[  556.959566][   T11] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  557.040346][ T3742]  nf_nat_masq_schedule.part.0+0x529/0x630
[  557.058789][ T3742]  ? nf_nat_masquerade_inet_unregister_notifiers+0x70/0x70
[  557.066046][ T3742]  ? device_cmp+0x140/0x140
[  557.080158][ T3742]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  557.086453][ T3742]  ? nf_tables_flowtable_event+0x31/0x460
[  557.088751][   T11] R10: ffffffff815fc4be R11: 0000000000000000 R12: ffff88801e5e8000
[  557.108111][   T11] R13: ffff88801c62c800 R14: ffff88801e5e814c R15: ffff8880774ba900
[  557.108977][ T3742]  ? masq_device_event+0xc9/0x120
[  557.116603][   T11] FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[  557.130565][ T3742]  masq_device_event+0xf1/0x120
[  557.136932][   T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  557.143937][   T11] CR2: 00000000203b8000 CR3: 000000007f876000 CR4: 00000000003506f0
[  557.149184][ T3742]  notifier_call_chain+0xb5/0x200
[  557.152356][   T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  557.156950][ T3742]  call_netdevice_notifiers_info+0xb5/0x130
[  557.168798][   T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  557.171183][ T3742]  dev_close_many+0x2ff/0x620
[  557.184171][ T3742]  ? __skb_gso_segment+0x6e0/0x6e0
[  557.186036][   T11] Call Trace:
[  557.191071][ T3742]  ? lock_release+0x720/0x720
[  557.192691][   T11]  <TASK>
[  557.197362][ T3742]  unregister_netdevice_many+0x3ff/0x1890
[  557.200334][   T11]  rds_tcp_tune+0x5a0/0x5f0
[  557.206676][ T3742]  ? __mutex_lock+0x21a/0x12f0
[  557.215627][ T3742]  ? netdev_pick_tx+0xbe0/0xbe0
[  557.217962][   T11]  rds_tcp_conn_path_connect+0x489/0x880
[  557.221319][ T3742]  ? nsim_destroy+0x35/0x190
[  557.226851][   T11]  ? rds_tcp_state_change+0x240/0x240
[  557.236537][   T11]  ? lock_release+0x720/0x720
[  557.238580][ T3742]  ? netlink_broadcast+0x3f9/0xd60
[  557.241283][   T11]  ? lock_downgrade+0x6e0/0x6e0
[  557.241329][   T11]  ? lockdep_hardirqs_on+0x79/0x100
[  557.241355][   T11]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  557.241393][   T11]  rds_connect_worker+0x1a5/0x2c0
[  557.247423][ T3742]  ? mutex_lock_io_nested+0x1150/0x1150
[  557.251832][   T11]  process_one_work+0x996/0x1610
[  557.262983][ T3742]  unregister_netdevice_queue+0x2dd/0x3c0
[  557.275120][   T11]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  557.290898][   T11]  ? rwlock_bug.part.0+0x90/0x90
[  557.295867][   T11]  ? _raw_spin_lock_irq+0x41/0x50
[  557.295893][ T3742]  ? unregister_netdevice_many+0x1890/0x1890
[  557.301246][   T11]  worker_thread+0x665/0x1080
[  557.313093][   T11]  ? process_one_work+0x1610/0x1610
[  557.315796][ T3742]  ? queue_delayed_work_on+0xe6/0x120
[  557.318332][   T11]  kthread+0x2e9/0x3a0
[  557.323947][ T3742]  ? lockdep_hardirqs_on+0x79/0x100
[  557.323981][ T3742]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  557.324010][ T3742]  ? queue_delayed_work_on+0xbb/0x120
[  557.329090][   T11]  ? kthread_complete_and_exit+0x40/0x40
[  557.340739][ T3742]  nsim_destroy+0x3f/0x190
[  557.345376][   T11]  ret_from_fork+0x1f/0x30
[  557.355360][ T3742]  __nsim_dev_port_del+0x191/0x250
[  557.359978][   T11]  </TASK>
[  557.367875][   T11] Kernel panic - not syncing: panic_on_warn set ...
[  557.369169][ T3742]  nsim_dev_port_del_all+0x85/0xe0
[  557.369205][ T3742]  nsim_dev_reload_destroy+0x11f/0x420
[  557.369236][ T3742]  nsim_dev_reload_down+0xdf/0x180
[  557.369324][ T3742]  devlink_reload+0x1c2/0x6b0
[  557.369401][ T3742]  ? devlink_remote_reload_actions_performed+0xa0/0xa0
[  557.369428][ T3742]  ? devlink_try_get+0x159/0x1e0
[  557.369460][ T3742]  ? __mutex_unlock_slowpath+0x157/0x5e0
[  557.369491][ T3742]  devlink_pernet_pre_exit+0x17e/0x220
[  557.369518][ T3742]  ? devlink_nl_cmd_get_dumpit+0x3f0/0x3f0
[  557.369556][ T3742]  ? devlink_nl_cmd_get_dumpit+0x3f0/0x3f0
[  557.369584][ T3742]  cleanup_net+0x451/0xb00
[  557.369610][ T3742]  ? lockdep_hardirqs_on+0x79/0x100
[  557.369635][ T3742]  ? unregister_pernet_device+0x70/0x70
[  557.369676][ T3742]  process_one_work+0x996/0x1610
[  557.369714][ T3742]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  557.369745][ T3742]  ? rwlock_bug.part.0+0x90/0x90
[  557.369773][ T3742]  ? _raw_spin_lock_irq+0x41/0x50
[  557.369810][ T3742]  worker_thread+0x665/0x1080
[  557.369846][ T3742]  ? __kthread_parkme+0x15f/0x220
[  557.369876][ T3742]  ? process_one_work+0x1610/0x1610
[  557.369904][ T3742]  kthread+0x2e9/0x3a0
[  557.369923][ T3742]  ? kthread_complete_and_exit+0x40/0x40
[  557.369950][ T3742]  ret_from_fork+0x1f/0x30
[  557.369996][ T3742]  </TASK>
[  557.370005][ T3742] irq event stamp: 15002523
[  557.370015][ T3742] hardirqs last  enabled at (15002527): [<ffffffff815fb888>] __down_trylock_console_sem+0x108/0x120
[  557.370060][ T3742] hardirqs last disabled at (15002530): [<ffffffff815fb86a>] __down_trylock_console_sem+0xea/0x120
[  557.370093][ T3742] softirqs last  enabled at (15002422): [<ffffffff8147ca53>] __irq_exit_rcu+0x123/0x180
[  557.370124][ T3742] softirqs last disabled at (15002341): [<ffffffff8147ca53>] __irq_exit_rcu+0x123/0x180
[  557.370150][ T3742] ---[ end trace 0000000000000000 ]---
[  557.370589][ T3742] ------------[ cut here ]------------
[  557.370597][ T3742] WARNING: CPU: 1 PID: 3742 at lib/ref_tracker.c:77 ref_tracker_alloc+0x323/0x550
[  557.370641][ T3742] Modules linked in:
[  557.370656][ T3742] CPU: 1 PID: 3742 Comm: kworker/u4:6 Tainted: G        W         5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  557.370683][ T3742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.370700][ T3742] Workqueue: netns cleanup_net
[  557.370725][ T3742] RIP: 0010:ref_tracker_alloc+0x323/0x550
[  557.370749][ T3742] Code: 81 c4 f0 00 00 00 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ae 3c 5f fd 41 81 cf 00 80 00 00 e9 b9 fd ff ff e8 9d 3c 5f fd <0f> 0b e9 7d fd ff ff e8 91 3c 5f fd 4c 8d 75 48 be 04 00 00 00 41
[  557.370771][ T3742] RSP: 0018:ffffc900045274c8 EFLAGS: 00010293
[  557.370793][ T3742] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  557.370808][ T3742] RDX: ffff88807cde0000 RSI: ffffffff841a0413 RDI: 0000000000000003
[  557.370824][ T3742] RBP: ffff88801e5e8150 R08: 0000000000000000 R09: 0000000000000001
[  557.370840][ T3742] R10: ffffffff841a018f R11: 0000000000000000 R12: 1ffff920008a4e9b
[  557.370856][ T3742] R13: 0000000000000cc0 R14: ffff8880731d2450 R15: 00000000c0000000
[  557.370873][ T3742] FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[  557.370895][ T3742] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  557.370913][ T3742] CR2: 00007f760fc7b000 CR3: 000000007f876000 CR4: 00000000003506e0
[  557.370929][ T3742] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  557.370944][ T3742] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  557.370960][ T3742] Call Trace:
[  557.370967][ T3742]  <TASK>
[  557.370980][ T3742]  ? ref_tracker_free+0x6b0/0x6b0
[  557.371014][ T3742]  ? debug_object_free+0x350/0x350
[  557.371045][ T3742]  ? rcu_read_lock_sched_held+0x3a/0x70
[  557.371162][ T3742]  ? lockdep_init_map_type+0x21a/0x7f0
[  557.371198][ T3742]  nf_nat_masq_schedule.part.0+0x3f8/0x630
[  557.371226][ T3742]  ? nf_nat_masquerade_inet_unregister_notifiers+0x70/0x70
[  557.371259][ T3742]  ? device_cmp+0x140/0x140
[  557.371287][ T3742]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  557.371312][ T3742]  ? nf_tables_flowtable_event+0x31/0x460
[  557.371338][ T3742]  ? masq_device_event+0xc9/0x120
[  557.371367][ T3742]  masq_device_event+0xf1/0x120
[  557.371395][ T3742]  notifier_call_chain+0xb5/0x200
[  557.371429][ T3742]  call_netdevice_notifiers_info+0xb5/0x130
[  557.371463][ T3742]  dev_close_many+0x2ff/0x620
[  557.371494][ T3742]  ? __skb_gso_segment+0x6e0/0x6e0
[  557.371517][ T3742]  ? lock_release+0x720/0x720
[  557.371556][ T3742]  unregister_netdevice_many+0x3ff/0x1890
[  557.371591][ T3742]  ? __mutex_lock+0x21a/0x12f0
[  557.371613][ T3742]  ? netdev_pick_tx+0xbe0/0xbe0
[  557.371640][ T3742]  ? nsim_destroy+0x35/0x190
[  557.371668][ T3742]  ? netlink_broadcast+0x3f9/0xd60
[  557.371699][ T3742]  ? mutex_lock_io_nested+0x1150/0x1150
[  557.371728][ T3742]  unregister_netdevice_queue+0x2dd/0x3c0
[  557.371756][ T3742]  ? unregister_netdevice_many+0x1890/0x1890
[  557.371783][ T3742]  ? queue_delayed_work_on+0xe6/0x120
[  557.371810][ T3742]  ? lockdep_hardirqs_on+0x79/0x100
[  557.371833][ T3742]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  557.371856][ T3742]  ? queue_delayed_work_on+0xbb/0x120
[  557.371887][ T3742]  nsim_destroy+0x3f/0x190
[  557.371917][ T3742]  __nsim_dev_port_del+0x191/0x250
[  557.371943][ T3742]  nsim_dev_port_del_all+0x85/0xe0
[  557.371970][ T3742]  nsim_dev_reload_destroy+0x11f/0x420
[  557.372000][ T3742]  nsim_dev_reload_down+0xdf/0x180
[  557.372027][ T3742]  devlink_reload+0x1c2/0x6b0
[  557.372057][ T3742]  ? devlink_remote_reload_actions_performed+0xa0/0xa0
[  557.372083][ T3742]  ? devlink_try_get+0x159/0x1e0
[  557.372117][ T3742]  ? __mutex_unlock_slowpath+0x157/0x5e0
[  557.372147][ T3742]  devlink_pernet_pre_exit+0x17e/0x220
[  557.372173][ T3742]  ? devlink_nl_cmd_get_dumpit+0x3f0/0x3f0
[  557.372211][ T3742]  ? devlink_nl_cmd_get_dumpit+0x3f0/0x3f0
[  557.372239][ T3742]  cleanup_net+0x451/0xb00
[  557.372263][ T3742]  ? lockdep_hardirqs_on+0x79/0x100
[  557.372288][ T3742]  ? unregister_pernet_device+0x70/0x70
[  557.372329][ T3742]  process_one_work+0x996/0x1610
[  557.372365][ T3742]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  557.372396][ T3742]  ? rwlock_bug.part.0+0x90/0x90
[  557.372422][ T3742]  ? _raw_spin_lock_irq+0x41/0x50
[  557.372458][ T3742]  worker_thread+0x665/0x1080
[  557.372494][ T3742]  ? __kthread_parkme+0x15f/0x220
[  557.372524][ T3742]  ? process_one_work+0x1610/0x1610
[  557.372552][ T3742]  kthread+0x2e9/0x3a0
[  557.372572][ T3742]  ? kthread_complete_and_exit+0x40/0x40
[  557.372599][ T3742]  ret_from_fork+0x1f/0x30
[  557.372645][ T3742]  </TASK>
[  557.372653][ T3742] irq event stamp: 15002863
[  557.372662][ T3742] hardirqs last  enabled at (15002867): [<ffffffff815fb888>] __down_trylock_console_sem+0x108/0x120
[  557.372696][ T3742] hardirqs last disabled at (15002870): [<ffffffff815fb86a>] __down_trylock_console_sem+0xea/0x120
[  557.372729][ T3742] softirqs last  enabled at (15002422): [<ffffffff8147ca53>] __irq_exit_rcu+0x123/0x180
[  557.372755][ T3742] softirqs last disabled at (15002341): [<ffffffff8147ca53>] __irq_exit_rcu+0x123/0x180
[  557.372781][ T3742] ---[ end trace 0000000000000000 ]---
[  557.380672][T10197] ------------[ cut here ]------------
[  557.380724][T10197] WARNING: CPU: 1 PID: 10197 at lib/ref_tracker.c:110 ref_tracker_free+0x4e4/0x6b0
[  557.380763][T10197] Modules linked in:
[  557.380777][T10197] CPU: 1 PID: 10197 Comm: kworker/1:8 Tainted: G        W         5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  557.380803][T10197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.380817][T10197] Workqueue: events iterate_cleanup_work
[  557.380845][T10197] RIP: 0010:ref_tracker_free+0x4e4/0x6b0
[  557.380868][T10197] Code: 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 c3 01 00 00 48 b8 22 01 00 00 00 00 ad de 49 89 46 08 e9 71 fe ff ff e8 8c 41 5f fd <0f> 0b e9 bd fb ff ff e8 80 41 5f fd 4c 8d 75 48 be 04 00 00 00 bb
[  557.380890][T10197] RSP: 0018:ffffc90002d9fbc0 EFLAGS: 00010293
[  557.380908][T10197] RAX: 0000000000000000 RBX: ffff8880731d2450 RCX: 0000000000000000
[  557.380923][T10197] RDX: ffff88801e679d80 RSI: ffffffff8419ff24 RDI: 0000000000000003
[  557.380938][T10197] RBP: ffff88801e5e8150 R08: 0000000000000001 R09: 0000000000000001
[  557.380952][T10197] R10: ffffffff8419fadf R11: 0000000000000000 R12: 1ffff920005b3f7a
[  557.380967][T10197] R13: 0000000000000001 R14: ffff88801b08c700 R15: ffff8880b9d39840
[  557.380983][T10197] FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[  557.381006][T10197] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  557.381021][T10197] CR2: 00007f760fc7b000 CR3: 000000007f876000 CR4: 00000000003506e0
[  557.381037][T10197] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  557.381050][T10197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  557.381065][T10197] Call Trace:
[  557.381071][T10197]  <TASK>
[  557.381078][T10197]  ? nf_ct_iterate_cleanup+0x33a/0x410
[  557.381159][T10197]  ? nf_ct_port_nlattr_to_tuple+0x1d0/0x1d0
[  557.381187][T10197]  ? ref_tracker_dir_exit+0x3e0/0x3e0
[  557.381212][T10197]  ? nf_ct_iterate_cleanup_net+0x239/0x400
[  557.381239][T10197]  ? nf_nat_masquerade_inet_unregister_notifiers+0x70/0x70
[  557.381268][T10197]  ? nf_ct_iterate_cleanup+0x410/0x410
[  557.381293][T10197]  ? lock_release+0x720/0x720
[  557.381318][T10197]  ? nf_nat_masquerade_inet_unregister_notifiers+0x70/0x70
[  557.381347][T10197]  ? lockdep_hardirqs_on+0x79/0x100
[  557.381372][T10197]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  557.381407][T10197]  iterate_cleanup_work+0x9a/0x180
[  557.381434][T10197]  process_one_work+0x996/0x1610
[  557.381470][T10197]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  557.381499][T10197]  ? rwlock_bug.part.0+0x90/0x90
[  557.381525][T10197]  ? _raw_spin_lock_irq+0x41/0x50
[  557.381558][T10197]  worker_thread+0x665/0x1080
[  557.381594][T10197]  ? process_one_work+0x1610/0x1610
[  557.381620][T10197]  kthread+0x2e9/0x3a0
[  557.381639][T10197]  ? kthread_complete_and_exit+0x40/0x40
[  557.381664][T10197]  ret_from_fork+0x1f/0x30
[  557.381705][T10197]  </TASK>
[  557.381713][T10197] irq event stamp: 650345
[  557.381720][T10197] hardirqs last  enabled at (650349): [<ffffffff815fb888>] __down_trylock_console_sem+0x108/0x120
[  557.381753][T10197] hardirqs last disabled at (650352): [<ffffffff815fb86a>] __down_trylock_console_sem+0xea/0x120
[  557.381785][T10197] softirqs last  enabled at (650164): [<ffffffff87906dac>] nf_ct_iterate_cleanup+0x1dc/0x410
[  557.381816][T10197] softirqs last disabled at (650162): [<ffffffff87906c9e>] nf_ct_iterate_cleanup+0xce/0x410
[  557.381846][T10197] ---[ end trace 0000000000000000 ]---
[  557.381863][T10197] ------------[ cut here ]------------
[  557.381870][T10197] refcount_t: underflow; use-after-free.
[  557.382281][T10197] WARNING: CPU: 1 PID: 10197 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0
[  557.382317][T10197] Modules linked in:
[  557.382327][T10197] CPU: 1 PID: 10197 Comm: kworker/1:8 Tainted: G        W         5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  557.382352][T10197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.382366][T10197] Workqueue: events iterate_cleanup_work
[  557.382390][T10197] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0
[  557.382417][T10197] Code: e9 db fe ff ff 48 89 df e8 8c 4e cd fd e9 8a fe ff ff e8 32 bd 81 fd 48 c7 c7 e0 ec 26 8a c6 05 bc ec ac 09 01 e8 c7 fc 30 05 <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55
[  557.382438][T10197] RSP: 0018:ffffc90002d9fcd0 EFLAGS: 00010282
[  557.382456][T10197] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  557.382470][T10197] RDX: ffff88801e679d80 RSI: ffffffff81601ae8 RDI: fffff520005b3f8c
[  557.382486][T10197] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
[  557.382500][T10197] R10: ffffffff815fc4be R11: 0000000000000000 R12: ffff88801e5e8000
[  557.382514][T10197] R13: ffff88801e5e814c R14: ffff88801b08c700 R15: ffff8880b9d39840
[  557.382530][T10197] FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[  557.382552][T10197] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  557.382569][T10197] CR2: 00007f760fc7b000 CR3: 000000007f876000 CR4: 00000000003506e0
[  557.382584][T10197] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  557.382598][T10197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  557.382613][T10197] Call Trace:
[  557.382619][T10197]  <TASK>
[  557.382628][T10197]  iterate_cleanup_work+0x145/0x180
[  557.382656][T10197]  process_one_work+0x996/0x1610
[  557.382690][T10197]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  557.382719][T10197]  ? rwlock_bug.part.0+0x90/0x90
[  557.382744][T10197]  ? _raw_spin_lock_irq+0x41/0x50
[  557.382777][T10197]  worker_thread+0x665/0x1080
[  557.382813][T10197]  ? process_one_work+0x1610/0x1610
[  557.382839][T10197]  kthread+0x2e9/0x3a0
[  557.382857][T10197]  ? kthread_complete_and_exit+0x40/0x40
[  557.382883][T10197]  ret_from_fork+0x1f/0x30
[  557.382922][T10197]  </TASK>
[  557.382929][T10197] irq event stamp: 650515
[  557.382937][T10197] hardirqs last  enabled at (650519): [<ffffffff815fb888>] __down_trylock_console_sem+0x108/0x120
[  557.382969][T10197] hardirqs last disabled at (650522): [<ffffffff815fb86a>] __down_trylock_console_sem+0xea/0x120
[  557.383000][T10197] softirqs last  enabled at (650164): [<ffffffff87906dac>] nf_ct_iterate_cleanup+0x1dc/0x410
[  557.383031][T10197] softirqs last disabled at (650162): [<ffffffff87906c9e>] nf_ct_iterate_cleanup+0xce/0x410
[  557.383062][T10197] ---[ end trace 0000000000000000 ]---
[  558.635950][   T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Tainted: G        W         5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0
[  558.647397][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  558.657449][   T11] Workqueue: krdsd rds_connect_worker
[  558.662824][   T11] Call Trace:
[  558.666094][   T11]  <TASK>
[  558.669021][   T11]  dump_stack_lvl+0xcd/0x134
[  558.673616][   T11]  panic+0x2d7/0x636
[  558.677545][   T11]  ? panic_print_sys_info.part.0+0x10b/0x10b
[  558.683532][   T11]  ? __warn.cold+0x1d1/0x2c5
[  558.688122][   T11]  ? refcount_warn_saturate+0x169/0x1e0
[  558.693666][   T11]  __warn.cold+0x1e2/0x2c5
[  558.698081][   T11]  ? refcount_warn_saturate+0x169/0x1e0
[  558.703623][   T11]  report_bug+0x1bd/0x210
[  558.707953][   T11]  handle_bug+0x3c/0x60
[  558.712123][   T11]  exc_invalid_op+0x14/0x40
[  558.716623][   T11]  asm_exc_invalid_op+0x12/0x20
[  558.721469][   T11] RIP: 0010:refcount_warn_saturate+0x169/0x1e0
[  558.727623][   T11] Code: 09 31 ff 89 de e8 87 c1 81 fd 84 db 0f 85 36 ff ff ff e8 9a bd 81 fd 48 c7 c7 80 ec 26 8a c6 05 25 ed ac 09 01 e8 2f fd 30 05 <0f> 0b e9 17 ff ff ff e8 7b bd 81 fd 0f b6 1d 0a ed ac 09 31 ff 89
[  558.747244][   T11] RSP: 0018:ffffc90000107b80 EFLAGS: 00010286
[  558.753303][   T11] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  558.761264][   T11] RDX: ffff888010f03b00 RSI: ffffffff81601ae8 RDI: fffff52000020f62
[  558.770964][   T11] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  558.779359][   T11] R10: ffffffff815fc4be R11: 0000000000000000 R12: ffff88801e5e8000
[  558.787325][   T11] R13: ffff88801c62c800 R14: ffff88801e5e814c R15: ffff8880774ba900
[  558.795312][   T11]  ? wake_up_klogd.part.0+0x8e/0xd0
[  558.800543][   T11]  ? vprintk+0x88/0x90
[  558.804635][   T11]  rds_tcp_tune+0x5a0/0x5f0
[  558.809151][   T11]  rds_tcp_conn_path_connect+0x489/0x880
[  558.814794][   T11]  ? rds_tcp_state_change+0x240/0x240
[  558.820192][   T11]  ? lock_release+0x720/0x720
[  558.824884][   T11]  ? lock_downgrade+0x6e0/0x6e0
[  558.829742][   T11]  ? lockdep_hardirqs_on+0x79/0x100
[  558.834945][   T11]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  558.840930][   T11]  rds_connect_worker+0x1a5/0x2c0
[  558.845956][   T11]  process_one_work+0x996/0x1610
[  558.850897][   T11]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  558.856266][   T11]  ? rwlock_bug.part.0+0x90/0x90
[  558.861198][   T11]  ? _raw_spin_lock_irq+0x41/0x50
[  558.866224][   T11]  worker_thread+0x665/0x1080
[  558.870906][   T11]  ? process_one_work+0x1610/0x1610
[  558.876102][   T11]  kthread+0x2e9/0x3a0
[  558.880174][   T11]  ? kthread_complete_and_exit+0x40/0x40
[  558.885825][   T11]  ret_from_fork+0x1f/0x30
[  558.890279][   T11]  </TASK>
[  558.893762][   T11] Kernel Offset: disabled
[  558.898244][   T11] Rebooting in 86400 seconds..